Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    23-05-2024 00:18

General

  • Target

    FiddlerSetup.5.0.20243.10853-latest.exe

  • Size

    4.4MB

  • MD5

    68c831dc8ee4a88592e26cb79a08d410

  • SHA1

    67ffba83eac8f1b7414d7048d681240ddc747c63

  • SHA256

    174c811a5c0da930f53f29d68fcce985e88994e4bef869a04b57f399bef25bbc

  • SHA512

    af3de69884cdc9b361a8a8764ddfa2cc2c67ad7e5319f1dceb7496d8f8639a85b042bffddf9516d796f7b21ee453d66dc80b139bcc7213de43b41f92d8acf2d7

  • SSDEEP

    98304:Q3T82KbCk8NKNgKl3xpQ3Ll02nSadHnV8t7PrMT:Q3TLkCEpwx02nVdHoDrY

Score
9/10

Malware Config

Signatures

  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

  • Modifies Windows Firewall 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 22 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory 31 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FiddlerSetup.5.0.20243.10853-latest.exe
    "C:\Users\Admin\AppData\Local\Temp\FiddlerSetup.5.0.20243.10853-latest.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\Users\Admin\AppData\Local\Temp\nsw6523.tmp\FiddlerSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\nsw6523.tmp\FiddlerSetup.exe" /D=
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4464
      • C:\Windows\SysWOW64\netsh.exe
        "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"
        3⤵
        • Modifies Windows Firewall
        PID:4912
      • C:\Windows\SysWOW64\netsh.exe
        "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"
        3⤵
        • Modifies Windows Firewall
        PID:5068
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
        3⤵
        PID:1568
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 170 -InterruptEvent 0 -NGENProcess 160 -Pipe 16c -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          PID:976
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 220 -InterruptEvent 0 -NGENProcess 214 -Pipe 19c -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          PID:4576
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 24c -InterruptEvent 0 -NGENProcess 240 -Pipe 248 -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:1304
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 0 -NGENProcess 290 -Pipe 280 -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:4856
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 288 -InterruptEvent 0 -NGENProcess 274 -Pipe 28c -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          PID:2032
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 24c -InterruptEvent 0 -NGENProcess 220 -Pipe 288 -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:1564
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 168 -InterruptEvent 0 -NGENProcess 284 -Pipe 244 -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:4100
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 214 -Comment "NGen Worker Process"
          4⤵
          • Drops file in Windows directory
          PID:792
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 284 -Pipe 2ac -Comment "NGen Worker Process"
          4⤵
          • Drops file in Windows directory
          PID:2528
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 254 -Pipe 29c -Comment "NGen Worker Process"
          4⤵
          • Drops file in Windows directory
          PID:2864
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"
        3⤵
        PID:4916
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 178 -InterruptEvent 0 -NGENProcess 168 -Pipe 174 -Comment "NGen Worker Process"
          4⤵
          PID:3996
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 22c -Pipe 170 -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:4616
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 248 -InterruptEvent 0 -NGENProcess 23c -Pipe 244 -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:4924
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 22c -InterruptEvent 0 -NGENProcess 228 -Pipe 210 -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:2324
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 240 -InterruptEvent 0 -NGENProcess 22c -Pipe 294 -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:2032
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 240 -Pipe 20c -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:2156
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 27c -Pipe 22c -Comment "NGen Worker Process"
          4⤵
          • Loads dropped DLL
          • Drops file in Windows directory
          PID:3512
      • C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper
        "C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\Admin\AppData\Local\Programs\Fiddler"
        3⤵
        • Executes dropped EXE
        PID:2988
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:316
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:4268
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1592
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3532
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:1152
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4320
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:2852
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:5092
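Analyst note, added for this page (the script below is not part of the sandbox report and is neither Triage's nor Fiddler's code). Three things in the tree above are worth a rule rather than a glance: an inbound `allow` firewall exception whose `program=` path sits under a user-writable directory, `ngen.exe install` being pointed at binaries under a user-writable directory, and an executable under the user profile launched by a parent that itself runs from the user profile (the sandbox's "Executes dropped EXE"). All three are also exactly what a legitimate installer does, which is why the generic score above comes out high for a Fiddler installer; encoding them is about surfacing the program path and the parent for review, not about convicting the sample. The records are constructed from the command lines in the tree (PIDs as reported); the record layout, the "user-writable" pattern and the finding labels are assumptions of this example.

```python
"""Triage rules over a sandbox process tree (added example, not part of the report).

Flags three installer-style behaviours so an analyst reviews the program path
and the parent process rather than only the signature name:
  * inbound allow firewall exception for a program under a user-writable path
  * ngen.exe pre-compiling an assembly that lives under a user-writable path
  * an executable under a user-writable path started by a parent that also
    runs from a user-writable path (the sandbox's "Executes dropped EXE")
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Anything below a user's AppData tree counts as user-writable here. Assumption:
# good enough for a first pass; ProgramData, Public and other writable spots
# would need their own patterns.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# A token is a run of unquoted non-space characters and/or "quoted spans", so
# description="Permit inbound connections to Fiddler" stays one token.
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int      # 0 = no parent in the capture
    image: str     # image path as reported by the sandbox
    cmdline: str   # command line as reported


# Constructed from the process tree above; the (pid, ppid, image, cmdline)
# layout is an assumption, not the sandbox's export format.
PROCESSES = [
    Proc(3368, 0,
         r"C:\Users\Admin\AppData\Local\Temp\FiddlerSetup.5.0.20243.10853-latest.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\FiddlerSetup.5.0.20243.10853-latest.exe"'),
    Proc(4464, 3368,
         r"C:\Users\Admin\AppData\Local\Temp\nsw6523.tmp\FiddlerSetup.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\nsw6523.tmp\FiddlerSetup.exe" /D='),
    # Image is SysWOW64 although the command line says system32: the 32-bit
    # installer is subject to WOW64 file-system redirection.
    Proc(4912, 4464, r"C:\Windows\SysWOW64\netsh.exe",
         r'"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"'),
    Proc(5068, 4464, r"C:\Windows\SysWOW64\netsh.exe",
         r'"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" '
         r'program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow '
         r'profile=any dir=in edge=deferuser protocol=tcp '
         r'description="Permit inbound connections to Fiddler"'),
    Proc(1568, 4464, r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe",
         r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install '
         r'"C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"'),
    Proc(4916, 4464, r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe",
         r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install '
         r'"C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"'),
    Proc(2988, 4464, r"C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper",
         r'"C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a '
         r'"C:\Users\Admin\AppData\Local\Programs\Fiddler"'),
]


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line, keeping quoted spans (with spaces) whole."""
    return TOKEN.findall(cmdline)


def unquote(tok: str) -> str:
    return tok[1:-1] if len(tok) >= 2 and tok[0] == tok[-1] == '"' else tok


def parse_netsh_rule(cmdline: str):
    """Return (verb, {key: value}) for `netsh advfirewall firewall <verb> rule k=v ...`,
    or None when the command line is not a firewall-rule operation."""
    toks = tokenize(cmdline)
    low = [t.lower() for t in toks]
    if "advfirewall" not in low:
        return None
    i = low.index("advfirewall")
    if low[i + 1:i + 2] != ["firewall"] or low[i + 3:i + 4] != ["rule"]:
        return None
    args = {}
    for tok in toks[i + 4:]:          # key=value pairs; values may be quoted
        key, _, val = tok.partition("=")
        args[key.lower()] = unquote(val)
    return low[i + 2], args


def triage(processes):
    """Return (rule, pid, detail) findings in process order."""
    by_pid = {p.pid: p for p in processes}
    findings = []
    for p in processes:
        base = p.image.rsplit("\\", 1)[-1].lower()
        if base == "netsh.exe":
            parsed = parse_netsh_rule(p.cmdline)
            if parsed is not None:
                verb, a = parsed
                if (verb == "add" and a.get("action", "").lower() == "allow"
                        and a.get("dir", "").lower() == "in"
                        and USER_WRITABLE.search(a.get("program", ""))):
                    findings.append(("inbound-allow-user-path", p.pid, a["program"]))
        elif base == "ngen.exe":
            toks = [unquote(t) for t in tokenize(p.cmdline)]
            if len(toks) >= 3 and toks[1].lower() == "install" and USER_WRITABLE.search(toks[2]):
                findings.append(("ngen-user-path", p.pid, toks[2]))
        parent = by_pid.get(p.ppid)
        if parent is not None and USER_WRITABLE.search(p.image) and USER_WRITABLE.search(parent.image):
            findings.append(("exe-from-user-path", p.pid, p.image))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in triage(PROCESSES):
        print(f"{rule:24} pid={pid:<5} {detail}")
```

Run as-is it reports the inbound exception for Fiddler.exe (PID 5068), both ngen installs (PIDs 1568 and 4916) and the two user-profile executables started by a user-profile parent (PIDs 4464 and 2988); the `delete rule` invocation (PID 4912) is parsed but not flagged, since it removes an exception rather than adding one. On a real host the same checks can be fed from Sysmon event 1 or 4688 records, with the parent image taken from the event instead of the sandbox's PID map.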

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence
    • Create or Modify System Process (T1543): 1
      • Windows Service (T1543.003): 1
  • Privilege Escalation
    • Create or Modify System Process (T1543): 1
      • Windows Service (T1543.003): 1
  • Defense Evasion
    • Impair Defenses (T1562): 1
      • Disable or Modify System Firewall (T1562.004): 1
    • Modify Registry (T1112): 1
  • Discovery
    • Software Discovery (T1518): 1
    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 2


Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XCFODRP5\edgecompatviewlist[1].xml
          Filesize

          74KB

          MD5

          d4fc49dc14f63895d997fa4940f24378

          SHA1

          3efb1437a7c5e46034147cbbc8db017c69d02c31

          SHA256

          853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

          SHA512

          cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CIAP84XW\favicon[1].ico
          Filesize

          20KB

          MD5

          12649f4e0c5a37d4a41cbca768c8e7e0

          SHA1

          1257dd7949f4aa81c8f791dceeedd66e486dc3a0

          SHA256

          7b990b226fb3e8970b750dec91d4e8b9b59b2b7b069d0243d7bf70febe8ede53

          SHA512

          a0f96e89664c938ed38b33a127ef56b882f2ef3a60a4e01324602905b054c50a0ab87a725a21e61c3c60b5225e8825cbeab8c5664c2e59be168071f1ce1eeed4

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OAVS82YR\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Analytics.dll
          Filesize

          32KB

          MD5

          1c2bd080b0e972a3ee1579895ea17b42

          SHA1

          a09454bc976b4af549a6347618f846d4c93b769b

          SHA256

          166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29

          SHA512

          946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\DotNetZip.dll
          Filesize

          461KB

          MD5

          a999d7f3807564cc816c16f862a60bbe

          SHA1

          1ee724daaf70c6b0083bf589674b6f6d8427544f

          SHA256

          8e9c0362e9bfb3c49af59e1b4d376d3e85b13aed0fbc3f5c0e1ebc99c07345f3

          SHA512

          6f1f73314d86ae324cc7f55d8e6352e90d4a47f0200671f7069daa98592daaceea34cf89b47defbecdda7d3b3e4682de70e80a5275567b82aa81b002958e4414

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe
          Filesize

          82KB

          MD5

          a897a628beb719bf888c95d70602ee83

          SHA1

          fe9dcec7c9c6f4f664814db6eb611a9a235a04b7

          SHA256

          1ab2c4a1d6d2b4899f63111466e4ebf944ab2ec7917926b20028bf181b22f49a

          SHA512

          11e6c91db91a3233bd4a68711e26144ad96f5f5b8f22004efb08a45d96e3526592ebc49aa6c20b3b8739c6091e3ffade4badefae20e07983e4ab2bc890354a05

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
          Filesize

          3.5MB

          MD5

          d8d686a8e171c52a856187dd6d5b18f2

          SHA1

          53bd857635684130bf340995e452457a61bcee23

          SHA256

          892ff0f941cba2ef1e8d5f7ddb14002e21c95f21a132c50762a4c79ef9fdc475

          SHA512

          fb1f026d92cd2cbcdc0ce9a4bb81a370999cca77c99c5db2b6089a510f55af9aa1c908727fe3f31de3ec8eb3142b3b1f7e2deeca641e2b9d56eb3543ebbbe714

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe.config
          Filesize

          261B

          MD5

          c2edc7b631abce6db98b978995561e57

          SHA1

          5b1e7a3548763cb6c30145065cfa4b85ed68eb31

          SHA256

          e59afc2818ad61c1338197a112c936a811c5341614f4ad9ad33d35c8356c0b14

          SHA512

          5bef4b5487ecb4226544ef0f68d17309cf64bfe52d5c64732480a10f94259b69d2646e4c1b22aa5c80143a4057ee17b06239ec131d5fe0af6c4ab30e351faba2

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.dll
          Filesize

          52KB

          MD5

          6f9e5c4b5662c7f8d1159edcba6e7429

          SHA1

          c7630476a50a953dab490931b99d2a5eca96f9f6

          SHA256

          e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790

          SHA512

          78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll
          Filesize

          695KB

          MD5

          195ffb7167db3219b217c4fd439eedd6

          SHA1

          1e76e6099570ede620b76ed47cf8d03a936d49f8

          SHA256

          e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

          SHA512

          56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Common.dll
          Filesize

          192KB

          MD5

          ac80e3ca5ec3ed77ef7f1a5648fd605a

          SHA1

          593077c0d921df0819d48b627d4a140967a6b9e0

          SHA256

          93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5

          SHA512

          3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Editor.dll
          Filesize

          816KB

          MD5

          eaa268802c633f27fcfc90fd0f986e10

          SHA1

          21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f

          SHA256

          fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54

          SHA512

          c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.dll
          Filesize

          228KB

          MD5

          3be64186e6e8ad19dc3559ee3c307070

          SHA1

          2f9e70e04189f6c736a3b9d0642f46208c60380a

          SHA256

          79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c

          SHA512

          7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper
          Filesize

          18KB

          MD5

          94dc69e00d3c9728e5b9924907930a11

          SHA1

          61a8df9ccf28af1da33a69158de6a9a59a01f848

          SHA256

          b22130b228a0777d7fef3cec8a0ba3789bca488978d1607e36dccc85f3e8372f

          SHA512

          a02e5d28dc1cd95f534e26abe5be2ff076e39c164ec37f44717c2ed6c8c013e0230ad621cb33048f79d5df23bd9dcf2748c747b5c89c777982b7ce4799a24673

        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll
          Filesize

          34KB

          MD5

          798d6938ceab9271cdc532c0943e19dc

          SHA1

          5f86b4cd45d2f1ffae1153683ce50bc1fb0cd2e3

          SHA256

          fb90b6e76fdc617ec4ebf3544da668b1f6b06c1debdba369641c3950cab73dd2

          SHA512

          644fde362f032e6e479750696f62e535f3e712540840c4ca27e10bdfb79b2e5277c82a6d8f55f678e223e45f883776e7f39264c234bc6062fc1865af088c0c31

        • C:\Users\Admin\AppData\Local\Temp\nsw6523.tmp\FiddlerSetup.exe
          Filesize

          4.4MB

          MD5

          9cfc955fb5d23835a83883134aca8db9

          SHA1

          3aaf8cec695c3d4457e4cec2f573c42c1bb597b1

          SHA256

          229085282b304f9e76d1282419255201941948a7961472e00f28f09dd0a20ca2

          SHA512

          f57591cbb90338fa374c80967992498c33f32efac441469f79627f12b01c2d28da690da8e73fa9c2f602c054fae60ac92e1bdf0860540b6f36eda752129dd56d

        • C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\2145e325c531dd03775cc61606722965\Microsoft.JScript.ni.dll.aux
          Filesize

          580B

          MD5

          18a1be4943b370e1a4c6c86f4d40edf8

          SHA1

          6ee0ce74f2fe6d66f6d4bb756876124f1e125ab7

          SHA256

          83ec02f4b3417470a59969e15bb4b8baaddbb3afdfdb40766cbd4f40f9ac6c7e

          SHA512

          f84075c090794a47167b4881c6d0b60ae6593f91461f27b13fe7c2405f5ce35c523bf3ad7300dd0a76d03d4eaaddadf0deb127e8ed9430bfb31ac62dc63e5944

        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\cd03f7a1d6c4031c515fb3f50c42e268\System.Data.SqlXml.ni.dll.aux
          Filesize

          708B

          MD5

          97aca6dbcd69e1697c42df21d0eb40dd

          SHA1

          4af763051f5d603de72bcc9d4ce438001aa3b4e8

          SHA256

          44e9a0b15c6cdae896e9d06c7bc3d906a2c034d5f454c2e13e677e39c03df98d

          SHA512

          01404dd7e954a35e4c8508bee50b45099dbc20e1d36317915516b0f427feef5395f3da11fda9e0f35a92cf3d5f3708b75763bbd270b0882046225fc4ee79105a

        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\52c68307282a248618376df5db7f9cce\System.Deployment.ni.dll
          Filesize

          2.2MB

          MD5

          ccdd9605e7bb07b8b0b3b19d8e938615

          SHA1

          49c99a4dba7ea3b3fcd49afc124cb81b14f4cd84

          SHA256

          6a90f268b1848ab002406a929e0c8868838370ccfb4fd747c0b213d62da93572

          SHA512

          dfed841d9b210e9d8eed60c79f1f9ea513b0fe5b00c10002baf3f81ee686c52ea3bf39c612ba69fc1b747c37bba3de25b645f702cc4329f149a28ac036d8bc8b

        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\52c68307282a248618376df5db7f9cce\System.Deployment.ni.dll.aux
          Filesize

          1KB

          MD5

          5cd7a11162ad343c63b1a095393a4648

          SHA1

          f8800b320e2ff44441b54069a0964394763f5e27

          SHA256

          4cacd78ece0bade472609be173edee977460d08e9f83c076843b00d9f2493979

          SHA512

          031c389882ac237d1114d1c2d7c273e445e5aa6255b67ce913074fcfc15f4e5ba084738d3b3bd5cd3d007fe571c24635d79e93237d54521f371b0ef1b6cfad29

        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\9744e094346545d417a938174608d0ad\System.Numerics.ni.dll.aux
          Filesize

          300B

          MD5

          92a9c814f3020a41161dbc34bd56f083

          SHA1

          6a73beaaa0b9c8311efe48c78340b3c48006b69c

          SHA256

          e19178c57cf46374c21a26fbf667b386e2713b2e34d6ec9995a339298e41d008

          SHA512

          7ee132bfabe022306a3f1f9490a335f515270f28d96cfaa4cbe4f9a5f1cb226af4398f6e59752af19012595d8e360a0523578bf6b82684de968d0c96cb76cc8e

        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\88bbec18c44a06edb18eb16d6775008f\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
          Filesize

          644B

          MD5

          5d63037ec7cbf9db439d2fbddc441494

          SHA1

          3b9b9360d712915c4b28c1a052e6f440cd9c7f52

          SHA256

          362dcaf8977b5dc235c2fa775baf105757591c342379005476dc291b6649dd1d

          SHA512

          5a935f1934c5267f191ca5912d8a639354c12c90cc78c96d4782b1b4d3ee4d4e124b57f596c99dd8e9628e41354c4b23bfd9dfd3ce7cbd9c09612aeb6443bb54

        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\cccf0195b8a7b2804875769b64f41f8a\System.Security.ni.dll.aux
          Filesize

          912B

          MD5

          87d06bfb3ab0a53cd9b0b543e904e4a1

          SHA1

          9561e273ff56c352d21ce2fa5f25dbf417e433d9

          SHA256

          a5b159194fff9456456b80b593f865ede7796f6938ec0d79ceb3d859913bc2fb

          SHA512

          2dde589b70b5cd44442cf66468e8224b2e143a7318761196490b1d7b151a1263f513d1d6821ea3c2ea20cb2bfa4fa57acc654a8aeaf9bccefc52d13a73174d27

        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\5fc5747c2c5a8c9903788db8973ea28a\System.Web.ni.dll.aux
          Filesize

          3KB

          MD5

          6510bde649ef42bf85ccbf859750255c

          SHA1

          29da63bb6ee7f3f132bb13728a8ac708610996ec

          SHA256

          068d0bb70c540a186c3777eeb1eaae950247e2c83ffcd17f1055d84d8e1e1754

          SHA512

          f256658288e62b7492c8d28a6c2148f19c8ca4b842a1634291aa7537893bddf624dcc528ea244fbd7070a3a48f59801cea3bcfd07b52fc901f508f50bc70f52a

        • C:\Windows\assembly\temp\NDK5OCS52L\System.EnterpriseServices.Wrapper.dll
          Filesize

          325KB

          MD5

          31d5e8026f5f75dbe64db30507038143

          SHA1

          ae3c5b26ab4a1195d15685da3a040ec4d2d2ff72

          SHA256

          4c30ca09080aa61b5ea208ab64aa8a430995e5f683ab895bbb62ea88a336f451

          SHA512

          59e8b237704ab64b3ffb8fcbb94ba996ab9a54f8c040d95c06db167a3b1244dd161cc5d23e1539351f9afa89e28e619f088ed949a2880fac6d3860733f088498

        • C:\Windows\assembly\temp\NDK5OCS52L\System.EnterpriseServices.ni.dll.aux
          Filesize

          1KB

          MD5

          1ccbcbfa8c0ad96a764ac3b0227a9490

          SHA1

          1963d83fb50cb1f061e0a467510f3f42a09eba29

          SHA256

          bf1db8d4dac1a396382f9a060c03f009b8af9e4ed37010db2b918abe4c865989

          SHA512

          b7688a54653f304821e823b9130b7b2e4316e054e9954ab2a06088640c2a46414ff8a4d02f12eece68d7f59ff08c3d71cc3703e1af850425e8d7b9576320be41

        • \Users\Admin\AppData\Local\Temp\nsn801F.tmp\System.dll
          Filesize

          12KB

          MD5

          192639861e3dc2dc5c08bb8f8c7260d5

          SHA1

          58d30e460609e22fa0098bc27d928b689ef9af78

          SHA256

          23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

          SHA512

          6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

        • \Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\979d991d7ebbe379753c4bd4de4e7d8a\EnableLoopback.ni.exe
          Filesize

          155KB

          MD5

          0180b0fed74396b64d9c0c08b7ac1b6d

          SHA1

          2906f20b0987091759f0c9705e4616fe4619a05f

          SHA256

          7c7381a24a3406b573c29c33e6eabecf2b58a5319a4059cc6f713f45951781d7

          SHA512

          1abde6207f13eda42ac6dc3bad3f92c39ea7ff72a17def8641a18c6afbf7c37328bceb5a426d48097a7aa4bed96903a51ba72ed66c619b8cdbaae35eb1704ee7

        • \Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\2145e325c531dd03775cc61606722965\Microsoft.JScript.ni.dll
          Filesize

          2.7MB

          MD5

          d1d5dd7761a0e2c31c2baeeb4442a6ba

          SHA1

          c681dca866baa02e7840bffdbcff349da69ba25c

          SHA256

          84676accc10df0f610772b5d447b058a9fd3c4d399cddc01ef6510d9832915f1

          SHA512

          59891b98e42635c056debe5fdd373b3d31ef1731c653c7df179c0db8544c6bfc6e4899d62a3068b76a652e71899b285e1757260ccaa805658e1e77e00cb9b263

        • \Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\cd03f7a1d6c4031c515fb3f50c42e268\System.Data.SqlXml.ni.dll
          Filesize

          3.0MB

          MD5

          0bdbc8f0fb2097d58e463ab73f8c44d8

          SHA1

          c159252064305d27d4b6dfbfdbdc233ac331a453

          SHA256

          6cf016fbbee0fd57d6c44b81d913d8206fb7262413d9d15f7c62e7dfe5d5147a

          SHA512

          91afc6b85cbff3fbf4688c117effb8faa1268a2c16e29176a51807204529b40607cda3d6b5a83583a908c791c96073610fe7640f6a934578cc126b560f5d4803

        • \Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\bcab827b24e870428fcdda58e1ebec20\System.EnterpriseServices.ni.dll
          Filesize

          972KB

          MD5

          d65dad1e140f825dda9c7b73a6fe93fe

          SHA1

          8ed7ca22b3988c9cfdedadd447bc7183e82024a2

          SHA256

          ead52a1635188611f7474e6cc860128116f60d7c3bc0cd00cc1cd36b57a6bc73

          SHA512

          e073ac5fb87bdb3d41175cca1047c52f88ebca9418851b4a0e30852e93fc18ffa0c9fab0d974105aa902c03ea15427e43b97be7920561d141201462c39ebb117

        • \Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\9744e094346545d417a938174608d0ad\System.Numerics.ni.dll
          Filesize

          307KB

          MD5

          fd0f9bc0584653e7f39b55dd6e743a32

          SHA1

          ada958995ab3b74bcdf05ac0e6270024857fdee0

          SHA256

          aa8f2ae1967de8b8f1989c7e6f92d0f8828b47d80b1ba69cb7a6c6b6fc1cff9b

          SHA512

          38c76c107b0931b1d3cdf60207f5647cc2029dd69b6a28845bba2a792472325d3c074bb98954a60a95ed9971e179a4c2f44af95245a7b153f386d28c5b835e1f

        • \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#\c2577ffc64fd5f786d339c18f95dfae7\System.Runtime.Caching.ni.dll
          Filesize: 292KB
          MD5: 5e3818ddd115793a5f1994085a82269a
          SHA1: 9c4d6b78b9a6a2b47f83721022b65b6becec61dc
          SHA256: 609bdef733f0c0c582b75b300e8d1da2b1fe33a7dab947cb61b0426d6f92d3a6
          SHA512: d5dbbe53f7aa88129e5eae5deb434518ff0f66e712d33cf46ce714c51feec6e3083851923ddaa289f76fcc2374aebaf30c80211207f7cdd49cf6c5bc9a8565f5

        • \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\88bbec18c44a06edb18eb16d6775008f\System.Runtime.Serialization.Formatters.Soap.ni.dll
          Filesize: 337KB
          MD5: 6a74608b40a2787d6fc3ba420f22e73e
          SHA1: a91e0bce5d4e7b55b308ca1d01bc050a6075747d
          SHA256: 75a50aa3dc7b54b2ca87630807f20d7a79cca0562b6392a65fce14fd0fe8d253
          SHA512: 19c616bc99168cf0dcf38d6e0ea498956561d877658be992df9a5e9a996e39cc3bf60b6c3d766e940549d7c39fda1d1e3438f8812143574108dc830c52c5183c

        • \Windows\assembly\NativeImages_v4.0.30319_64\System.Security\cccf0195b8a7b2804875769b64f41f8a\System.Security.ni.dll
          Filesize: 960KB
          MD5: 13bd4f0a19d3ea71a5b1c1b6d5330635
          SHA1: 12909fc81a2cb66a1435803b2c0bbc613a18b243
          SHA256: 3fc2a7a509f23269002e9a5ce3aca634fceb4e4ab70da6cbf56ae1e500fd6052
          SHA512: 400a09b0e29f170c1da464cd4e31f42b1e97de9fb24c29ed531d27014bf1513e6cc943435102e21735973e509c58ed7a099843a35cc2aa115868426047387c96

        • \Windows\assembly\NativeImages_v4.0.30319_64\System.Web\5fc5747c2c5a8c9903788db8973ea28a\System.Web.ni.dll
          Filesize: 15.7MB
          MD5: 6ab83e2221c6b1f3a306e4432c4a5e33
          SHA1: 23e27796eae9d8e1cf762a85dbedff89d1f68a3f
          SHA256: 8c9da539e47f809693c2d2d631fe28219f28e020805f9b39805760e2652695f7
          SHA512: 41902ab5d3a44e408405656f92b9146bdeb82efd364739bf06d9149ce3dcb0841dbb0703fec5011de4709adc4ea1d0fe8380e301349988d0c5d38a4e289dadb4

        • memory/316-311-0x000002BE54420000-0x000002BE54430000-memory.dmp
          Filesize: 64KB
        • memory/316-295-0x000002BE54320000-0x000002BE54330000-memory.dmp
          Filesize: 64KB
        • memory/316-330-0x000002BE51760000-0x000002BE51762000-memory.dmp
          Filesize: 8KB
        • memory/976-427-0x0000029040660000-0x00000290406AA000-memory.dmp
          Filesize: 296KB
        • memory/976-457-0x0000029040FC0000-0x0000029040FFE000-memory.dmp
          Filesize: 248KB
        • memory/976-429-0x0000029040E40000-0x0000029040EF2000-memory.dmp
          Filesize: 712KB
        • memory/976-422-0x00000290412B0000-0x00000290417D6000-memory.dmp
          Filesize: 5.1MB
        • memory/976-431-0x00000290281A0000-0x00000290281AC000-memory.dmp
          Filesize: 48KB
        • memory/976-445-0x00000290406B0000-0x00000290406EA000-memory.dmp
          Filesize: 232KB
        • memory/976-449-0x0000029040960000-0x0000029040980000-memory.dmp
          Filesize: 128KB
        • memory/976-451-0x0000029040DC0000-0x0000029040E04000-memory.dmp
          Filesize: 272KB
        • memory/976-453-0x00000290409A0000-0x00000290409BA000-memory.dmp
          Filesize: 104KB
        • memory/976-454-0x0000029041030000-0x0000029041152000-memory.dmp
          Filesize: 1.1MB
        • memory/976-456-0x00000290409C0000-0x00000290409DE000-memory.dmp
          Filesize: 120KB
        • memory/976-455-0x0000029040F00000-0x0000029040F7E000-memory.dmp
          Filesize: 504KB
        • memory/976-452-0x0000029040980000-0x000002904099E000-memory.dmp
          Filesize: 120KB
        • memory/976-450-0x0000029040D80000-0x0000029040DB2000-memory.dmp
          Filesize: 200KB
        • memory/976-448-0x00000290406F0000-0x0000029040702000-memory.dmp
          Filesize: 72KB
        • memory/976-447-0x0000029041CB0000-0x000002904217A000-memory.dmp
          Filesize: 4.8MB
        • memory/976-458-0x0000029040E10000-0x0000029040E22000-memory.dmp
          Filesize: 72KB
        • memory/976-424-0x00000290408E0000-0x000002904095A000-memory.dmp
          Filesize: 488KB
        • memory/976-446-0x00000290281D0000-0x00000290281EC000-memory.dmp
          Filesize: 112KB
        • memory/976-460-0x00000290281B0000-0x00000290281C0000-memory.dmp
          Filesize: 64KB
        • memory/976-426-0x0000029026860000-0x000002902686C000-memory.dmp
          Filesize: 48KB
        • memory/976-421-0x0000029040720000-0x00000290407DA000-memory.dmp
          Filesize: 744KB
        • memory/976-419-0x00000290409F0000-0x0000029040D7A000-memory.dmp
          Filesize: 3.5MB
        • memory/1564-941-0x000001F56C120000-0x000001F56C145000-memory.dmp
          Filesize: 148KB
        • memory/2032-272-0x0000064443EC0000-0x0000064443F0F000-memory.dmp
          Filesize: 316KB
        • memory/2324-245-0x0000064449A20000-0x0000064449B13000-memory.dmp
          Filesize: 972KB
        • memory/2988-114-0x0000000000B70000-0x0000000000B78000-memory.dmp
          Filesize: 32KB
        • memory/3996-113-0x000001ADD47D0000-0x000001ADD47F2000-memory.dmp
          Filesize: 136KB
        • memory/3996-110-0x000001ADD4880000-0x000001ADD4956000-memory.dmp
          Filesize: 856KB
        • memory/3996-111-0x000001ADD47A0000-0x000001ADD47C2000-memory.dmp
          Filesize: 136KB
        • memory/3996-112-0x000001ADD4A20000-0x000001ADD4AD2000-memory.dmp
          Filesize: 712KB
        • memory/3996-109-0x000001ADD4750000-0x000001ADD47A0000-memory.dmp
          Filesize: 320KB
        • memory/3996-108-0x000001ADBC470000-0x000001ADBC488000-memory.dmp
          Filesize: 96KB
        • memory/4616-219-0x0000064488000000-0x000006448802A000-memory.dmp
          Filesize: 168KB
        • memory/4856-714-0x00000190F4C60000-0x00000190F4C85000-memory.dmp
          Filesize: 148KB
        • memory/4924-339-0x00000644451A0000-0x0000064445496000-memory.dmp
          Filesize: 3.0MB