Analysis
-
max time kernel
138s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
30-06-2024 01:15
General
-
Target
Fiddler.exe
-
Size
1.4MB
-
MD5
bf4fb7029571683986ecf3a48eacd4fd
-
SHA1
5f1c4f0a79f4a0c8e96d27adbf0153a45a58cc11
-
SHA256
b0eab66bae42868d402f326a37cb0e4364d4a686eb5feb4d93325b5078c1bc0e
-
SHA512
ec240842386f28e87576720252d12c5a02ea9e2c29485d1acaea34c89a1577041462610d953a59e9e4acef4d3c566e861d6672a00d9bf196d778bf13a45bb25e
-
SSDEEP
24576:HA93BNl5yPcNBSuUsRCb/l+53flpmjaqkIw:swLzkIw
Malware Config
Signatures
-
Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 4 IoCs
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Windows directory 64 IoCs
-
Executes dropped EXE 8 IoCs
-
Loads dropped DLL 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Modifies Internet Explorer settings 1 TTPs 8 IoCs
-
Modifies registry class 27 IoCs
-
Modifies system certificate store 2 TTPs 14 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 48 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"1⤵
- Checks computer location settings
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Desktop\FiddlerAutoUpdater.exe"C:\Users\Admin\Desktop\FiddlerAutoUpdater.exe" /AUTOUPDATE2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\nsn26AE.tmp\FiddlerSetup.exe"C:\Users\Admin\AppData\Local\Temp\nsn26AE.tmp\FiddlerSetup.exe" /AUTOUPDATE /D=3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exe"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exe"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"4⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1bc -Pipe 1c8 -Comment "NGen Worker Process"5⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1c4 -InterruptEvent 0 -NGENProcess 1cc -Pipe 274 -Comment "NGen Worker Process"5⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 28c -Pipe 294 -Comment "NGen Worker Process"5⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 2c4 -Pipe 2d0 -Comment "NGen Worker Process"5⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 290 -InterruptEvent 0 -NGENProcess 2c0 -Pipe 2e0 -Comment "NGen Worker Process"5⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a8 -InterruptEvent 0 -NGENProcess 1cc -Pipe 278 -Comment "NGen Worker Process"5⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"4⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1bc -Pipe 1c8 -Comment "NGen Worker Process"5⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1bc -InterruptEvent 0 -NGENProcess 260 -Pipe 1cc -Comment "NGen Worker Process"5⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 280 -InterruptEvent 0 -NGENProcess 278 -Pipe 27c -Comment "NGen Worker Process"5⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 290 -InterruptEvent 0 -NGENProcess 280 -Pipe 1bc -Comment "NGen Worker Process"5⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2bc -Pipe 2c4 -Comment "NGen Worker Process"5⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a8 -InterruptEvent 0 -NGENProcess 2bc -Pipe 270 -Comment "NGen Worker Process"5⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 260 -Comment "NGen Worker Process"5⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper"C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\Admin\AppData\Local\Programs\Fiddler"4⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Fiddler2FirstRun4⤵
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exeC:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe -startedByUpdate4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Desktop\FiddlerClassicAutoUpdater.exe"C:\Users\Admin\Desktop\FiddlerClassicAutoUpdater.exe" /AUTOUPDATE5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\nse7471.tmp\FiddlerSetup.exe"C:\Users\Admin\AppData\Local\Temp\nse7471.tmp\FiddlerSetup.exe" /AUTOUPDATE /D=6⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exe"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exe"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1bc -Pipe 1c8 -Comment "NGen Worker Process"8⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 25c -InterruptEvent 0 -NGENProcess 278 -Pipe 258 -Comment "NGen Worker Process"8⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 284 -InterruptEvent 0 -NGENProcess 270 -Pipe 280 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 28c -Pipe 274 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 288 -InterruptEvent 0 -NGENProcess 2d4 -Pipe 290 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 0 -NGENProcess 2b4 -Pipe 284 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 298 -Pipe 27c -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 2b0 -Pipe 2b4 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 288 -InterruptEvent 0 -NGENProcess 270 -Pipe 2c8 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 288 -Comment "NGen Worker Process"8⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 2bc -Pipe 2dc -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 2e0 -Pipe 2c4 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 2f4 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 2bc -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2b0 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 30c -Comment "NGen Worker Process"8⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 314 -Pipe 2c0 -Comment "NGen Worker Process"8⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 298 -Pipe 304 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 2ec -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 2e4 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 318 -Pipe 298 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2d4 -Pipe 318 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 324 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2f8 -Pipe 334 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 33c -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 35c -Pipe 34c -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 0 -NGENProcess 368 -Pipe 36c -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 0 -NGENProcess 384 -Pipe 2f8 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ac -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 3d0 -Pipe 3cc -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 3bc -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3fc -InterruptEvent 0 -NGENProcess 3f4 -Pipe 3f8 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 374 -Pipe 3f0 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1b8 -Pipe 1c8 -Comment "NGen Worker Process"8⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 254 -InterruptEvent 0 -NGENProcess 1dc -Pipe 1b8 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 278 -InterruptEvent 0 -NGENProcess 284 -Pipe 270 -Comment "NGen Worker Process"8⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper"C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\Admin\AppData\Local\Programs\Fiddler"7⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Fiddler2Update7⤵
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exeC:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe -startedByUpdate7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Win8EL8⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4084,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4596,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4600,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5368,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5624,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6000,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6152,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6220,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:81⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6928,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=6916 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6964,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=7000 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6216,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=6948 /prefetch:11⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6988,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=7008,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=4984,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=7000 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=7084,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7236,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:11⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\USERS\ADMIN\APPDATA\LOCAL\PROGRAMS\FIDDLER\PLUGINS\NETWORKCONNECTIONS\TELERIK.NETWORKCONNECTIONS.WINDOWS.DLLFilesize
33KB
MD55889357424d717c8629c8bfabcd0be50
SHA187e7047a40e24bd5ac23f89e072ee39a14a53023
SHA2563564b25b24569b8d8a0128f2f4bddec89c0b8986da7542d9c64aac730360a600
SHA5121af458742cefd4730d64b19ecc05460354f0e47a79cdcd7794877aa0f6c56cfb92f37a0daf66fedaec2a579eb0187d774b7d5ba1fff65d6ab1504df4c3668fad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554EFilesize
1KB
MD52a2fa434933b19096a5a2d664cfd0b34
SHA121d1a298d7948361e581b019d68b7efcd767fdf4
SHA256fb2970372cdcd475666951a2fddfd096113e687a7b3833d36b4d6ca460539348
SHA512cdd5fab1759a7924c12a0d15b2d219d00998b497a94b61bedcfce1e90e696259a389e0521a6ab15ea85a22ac4aac808bbaf4f717ab3193831c0403ecf287386f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554EFilesize
536B
MD56328d8cea9996d8f13a7ae6935ea577c
SHA1a59030162fe760d1d48d3b879fd64d62dfc6a68d
SHA25632b410ce9284b15d6e0465a77bb1f2de51efa6dd91f698f121440c37974af878
SHA5125d2a43a74b287078f207c0a120543e6299adb5477b48018351507557435376b787947bdd7cac624ee94f91eb34c3d4670bd32e8f93bcff92f3a4f159261a1aaf
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Fiddler.exe.logFilesize
2KB
MD58051a06466cf771358d5dda7359ac708
SHA1709399112bf25fbe885fd3130703158e983777ff
SHA256723f88ba2be4daa9612df65fd2fb43e5236a8a7ab8e55f06072f5e0d74cccb92
SHA5123b8dcdf74d6175e833ba920579acbee69246cd239c2317df313e9fcd57c6a0b6f5d754aa585285c89330af00d265050b3f06b95f85878fff111b820e40021fb1
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Analytics.dllFilesize
32KB
MD51c2bd080b0e972a3ee1579895ea17b42
SHA1a09454bc976b4af549a6347618f846d4c93b769b
SHA256166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
SHA512946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Analytics.pdbFilesize
47KB
MD5f84fb6cd84b5d07e3de4d78d38f388ff
SHA10b31f09eeb1af0681614c2f9f90d98b541df580f
SHA25603ca5a20d36bbc0aea28aa3184d65b322cecc3080d55a975cdf0f5d31199829d
SHA51203fa13b39d4fae8bc83b4f37cf24aafc8c4a12a5db0462968ae6a0c96232d727df9264d190ff641115921e350a1981ad518a4740c20e54c433b2f2065522ad52
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\DotNetZip.dllFilesize
449KB
MD511bbdf80d756b3a877af483195c60619
SHA199aca4f325d559487abc51b0d2ebd4dca62c9462
SHA256698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1
SHA512ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exeFilesize
82KB
MD5ea240c9d733ad54a79faaca19ba8d376
SHA12c1d1b3aa6aec6e6e7af7f64637029971a37ba77
SHA2562c2aa55ab99b5a34eb78ded93e46c4d5fef44077847281e124473c20de5cf165
SHA512d3815bf7b5af7aa5dbf717f404bdac9538adeaff57cf6ec38c3724d7179fb1f31231009941a671bdd15516e47ff346afa8738bc399c4e57cb840def6821f6464
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exeFilesize
3.5MB
MD532cf2e7c6ae825d5f7cb2a7d39c2ee24
SHA1262176d879e7727375025cae4aafc90698adad26
SHA256d7ea71114bfe70383c1ac2be6dd19676805a0afb6e20c0ad3000018afad093e5
SHA512a72e70f1a11d4443aedc56a2453cb3ed05bd8106b0e906364f23f01098a378440d2d86ac15f6d98ceedfe18b0a60d80f6806300b390c2969c3de97cb380b82c2
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe.configFilesize
261B
MD5c2edc7b631abce6db98b978995561e57
SHA15b1e7a3548763cb6c30145065cfa4b85ed68eb31
SHA256e59afc2818ad61c1338197a112c936a811c5341614f4ad9ad33d35c8356c0b14
SHA5125bef4b5487ecb4226544ef0f68d17309cf64bfe52d5c64732480a10f94259b69d2646e4c1b22aa5c80143a4057ee17b06239ec131d5fe0af6c4ab30e351faba2
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.dllFilesize
52KB
MD56f9e5c4b5662c7f8d1159edcba6e7429
SHA1c7630476a50a953dab490931b99d2a5eca96f9f6
SHA256e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
SHA51278fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.pdbFilesize
93KB
MD5df9591879a5af2a8458fb9148e197313
SHA1189df547db269f1694603eab40519ec0086fc326
SHA2566c19ec08ffb13998ace51e1b531128af12cd47ccadff5e346176c6992c00a843
SHA51289c8f7686048e3329d47bd7f6678cca880d1c2a704664a44276090ed2a5b6452d964c69e2d0161ec8b69586e3aae3c99f63445c22122a1b9bf532234f93af65c
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Inspectors\Standard.dllFilesize
247KB
MD53d70b43bf339c0ee8a5b858aa3174cfa
SHA1a0de61687cd2a72b91d6a4dbd2fed2fa202ac0ae
SHA256ceb5f94b822655ea47babffff72763e2de2497135b473afbd47984d5fbcb4478
SHA5126cc53d58292222862fe69da44e61a67d48cda6fbe02cdb8a55053889882278b01105d7752655eaa63db8ee06cd04fae33f3558db1be73d0470286051a0c39737
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Inspectors\SyntaxView.dllFilesize
68KB
MD5ae5a16a270723a069a3d219318639ae2
SHA1b192159d2ef1807f0595c2ae0d5c0a15bd80b43b
SHA25647745b08fec912dc59c54d18ede668261faa920f8cc9b38129b112dcddcbdcc6
SHA512db589b02c2b076df91d858b8e0304f27dc216c2ca514bef5918d79848958a3d89d0dc243615ce9f6323ef01a19ab1dcb74786fc5a7dfa253634f88d689070697
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dllFilesize
647KB
MD55afda7c7d4f7085e744c2e7599279db3
SHA13a833eb7c6be203f16799d7b7ccd8b8c9d439261
SHA256f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4
SHA5127cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Common.dllFilesize
192KB
MD5ac80e3ca5ec3ed77ef7f1a5648fd605a
SHA1593077c0d921df0819d48b627d4a140967a6b9e0
SHA25693b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
SHA5123ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Editor.dllFilesize
816KB
MD5eaa268802c633f27fcfc90fd0f986e10
SHA121f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
SHA256fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
SHA512c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.dllFilesize
228KB
MD53be64186e6e8ad19dc3559ee3c307070
SHA12f9e70e04189f6c736a3b9d0642f46208c60380a
SHA25679a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c
SHA5127d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Addon.dllFilesize
47KB
MD52d94327624f5787df9d0e87dac28987f
SHA1902450afd77bed60d508d482502c562ef332342f
SHA256acc04fec692c7f5e6806fb14b8d3efa3d6670830c74a59d02613bc444db2dbda
SHA512d93454e51c984488f24d255523a6453625063ac44dcddd42934e4cc9c10b9940a1f7d69689b224620d08e9a24d0e109a8346f23690d37993f9b4e3bf37831735
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Connection.dllFilesize
1.8MB
MD5f368e19ccee6123b3e56db718359dc29
SHA1eaa31f6792aa2c350d28dd0ff86ce79b37eab8f6
SHA2562149bef279127adffc549f9311d6ec4f69b09492210f81147989d23663f2e6b7
SHA512b4849e21fb1cfa3bcb9409884b88f52fa222bd6536df3a9117da6f5a8b9082b603b2f4a6e7575ddad8729a4519e7b87c8b8bff462a96362842781a6e3efc166c
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Protocol.dllFilesize
23KB
MD519586252830f7bc0a71251c193a61b6a
SHA1ff7ac037e191e361e5604290c54ceac44fa487af
SHA2560c34d01a3afff47cb26140ea216185f4f8996c1972833449e18823abe2461a29
SHA512ffa82623f6b1f361c144682d8b382abf3c8314804545796cf3d51a904fcdb06e8d8464a67fffb6d90df03eb739a688f40a91a004525aedfb64e6810732547ec4
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Utilities.dllFilesize
18KB
MD5df7b78acf4a4ff7dcc2b7071e10abf85
SHA127576ce153730f09a362484f2b9a5fcc82bebefe
SHA2565d8319bfc4c920bcf655e49638ee894b7b39502aedff39e1758e7a112daa3f0b
SHA5129151d89caa4b66993347897707175f7a1c6818935e6db170a8bcd72ff5f5f05f294c0ffb43a118e9c811ae35e07ec7b386b89bacc26d2d02ed8da400c11c9cf2
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\QWhale.Syntax.Parsers.dllFilesize
1.1MB
MD59fe6e9cfedb661c61a2c70fa75008ec3
SHA10f6a0f4e7fc5552088d3f2dd0c0adf6f6c45b686
SHA256acff23204982780d844f5b0cbfe0bf1849c1dfe782cb4084ba2bdc9bf53f026c
SHA512a8864ee43628f667d6e0acf071fbba414ff768fe9dd302e6f9498432b3ce48a22deecfe438099a3caa684ad8e9588fae111de752c37c158eebd76e48ab67e02d
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\RulesTab2.dllFilesize
35KB
MD56a4c918dad807e7e8b0e9cc75937377e
SHA1c25acdf8c206d4b70981a94b4074b4fe5b3adcfd
SHA256faa5995dccd9acb0c6805e5b6f1c529d151a35d6c881447d64a75df84bcc06d2
SHA512946d1eccc616121625a91a008ea400891f773d3220b8c8b4da5597ec4e8fcba90641a07d16304ba69c03f148c6d2ef7ee247155b4c21559a4ed630b66efea437
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\SampleRules.jsFilesize
22KB
MD5cb7bf8b2d0e15c0ecc290a242b9f743a
SHA1f1215262c0729dc6700fd5158ef6e437e64a4821
SHA25669cc5397e0fa9f99a0d21476da21147631a213f9f15652f8f182f34025abb500
SHA51249202347079e366477ba67372b086f5064b108c0c40aa52dfd833dee821b87cc37d9929d5da4fefdd62a824ebf34c161107f08ea7b33d866d21c266ce99972fe
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\SimpleFilter.dllFilesize
136KB
MD501a0b4a938e6a2f01a760f7944e0f21b
SHA13b026a4bedf5adeb2260915a5eb540d468cf3530
SHA256b8b8dc59a51abe237f563e61aa870c695bc02d3374fde88e75c78e04767fee59
SHA512b7315a3245f7ddbbcbe93ea3cb5dcd56e1153e7a763519de5347b60ad7045f8c894eb5b6cdf9186464c92dde62af0b5a8a18f909b1a3bad7096223fece75d9d7
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\Timeline.dllFilesize
39KB
MD57afa2fa521c70af44c147a423783eef1
SHA130b09b0956961300ad6474d2e9af4365935b5bcc
SHA2568a9d4fa0c9fdfa5680c812fb79bc79f6bef9285cc7bccf1fad2bb1bad09e5271
SHA512490baccd6d08efdff67c3a7b6aa3d60757ee4ee0e412ed693f0b7ace93fccc441d4c7e744926a97b24c25ff0e7a9db4150cb94970706b26a2f952f2cdb091b2e
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelperFilesize
18KB
MD51289dc21a51fb89e685fa4c91764c00e
SHA1b24210c4e71ace272a1984e171d50380687f73fe
SHA2563e6f9a8b9dbd8adb521ce02a1c34e20350b3df438deb5bc4ada33c8cca6d25b9
SHA5129cf63f042197470e622b97bf11845722c6338e69f08932b2f11eca576162235ff82c2def13bf42cea4c3b583ebd0342ca10ca6e5f2a3c53e4a6db5ae7006a0f2
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dllFilesize
34KB
MD5798d6938ceab9271cdc532c0943e19dc
SHA15f86b4cd45d2f1ffae1153683ce50bc1fb0cd2e3
SHA256fb90b6e76fdc617ec4ebf3544da668b1f6b06c1debdba369641c3950cab73dd2
SHA512644fde362f032e6e479750696f62e535f3e712540840c4ca27e10bdfb79b2e5277c82a6d8f55f678e223e45f883776e7f39264c234bc6062fc1865af088c0c31
-
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_gn2suaigfhhkewccgutguryxxqm34vvg\5.0.20243.10853\dc2zc3pq.newcfgFilesize
966B
MD561ef8af5101682b3016598ccb2547c1a
SHA17e7b771262614b8c9d2dcf5973508da5838b0ea1
SHA2560b34f037b5bbaa1ba9c66465b3a1d4174f62702767b62dfe4afa685ba3b3cb01
SHA5120faea5409c232bca4366a4d059818bb3ad0f0bb285a3296a625c3b941bb0d4ce1497deed4e339aa9f576a1e701a12f1cb370bad1522b33271b2f4d9300f4b5e8
-
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_gn2suaigfhhkewccgutguryxxqm34vvg\5.0.20243.10853\user.configFilesize
966B
MD5f1b76c3761db61121cc6a1848e095d09
SHA10501e0dd0a60e1b4bbad1d9a7a2f28e6eaec9b4b
SHA256a51106244755ac92b76226dbf0c5ab5ec55e67261834fd102a55c90acc0d1811
SHA512fb21ff03c2e93c6679df43e9fed6dc35c146aab60599315814da721e8ff64cdf21310fd77445a6b4a731bafdba255b06f659e4248527f62d2302705fd885eb41
-
C:\Users\Admin\AppData\Local\Temp\nsn26AE.tmp\FiddlerSetup.exeFilesize
4.3MB
MD55d96b95b066d797c7c468d125882ddcf
SHA18a130db5e4f6207b70939c5007d6689c22378c7d
SHA2567ea1a09eeab47eb4658938bf4a023c6231de726ad076fde189c3383ffb4091fe
SHA512fd746263b0aad96e90468aac664a3f02af20c2291e03138cf201d68036bd8ce26cc36b5fdc4e97ae5f93c65a5660de91988e3ee7156359de509fea9b4308550a
-
C:\Users\Admin\AppData\Local\Temp\nso35D2.tmp\System.dllFilesize
12KB
MD54add245d4ba34b04f213409bfe504c07
SHA1ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
SHA2569111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
SHA5121bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
-
C:\Users\Admin\Desktop\FiddlerAutoUpdater.exeFilesize
4.4MB
MD578537045a5e032d4ac93514f027c7a47
SHA15b6e705b20652c0cf39ee890013b9b8e8ad26b07
SHA25606812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c
SHA5128fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47
-
C:\Users\Admin\Desktop\FiddlerClassicAutoUpdater.exeFilesize
4.4MB
MD568c831dc8ee4a88592e26cb79a08d410
SHA167ffba83eac8f1b7414d7048d681240ddc747c63
SHA256174c811a5c0da930f53f29d68fcce985e88994e4bef869a04b57f399bef25bbc
SHA512af3de69884cdc9b361a8a8764ddfa2cc2c67ad7e5319f1dceb7496d8f8639a85b042bffddf9516d796f7b21ee453d66dc80b139bcc7213de43b41f92d8acf2d7
-
C:\Users\Admin\Documents\Fiddler2\AutoResponder.xmlFilesize
248B
MD55cebad62a44349c7f830d26de863bdcd
SHA13f36f742187854181ff4d6ff3a8ea3e541cf339b
SHA2566c71ae50f58c1ef2fb46f40f1e89bf52630e9c624ddbdefd59b4a6b18b1d1550
SHA5126db09cab8b840e0f3fa0a08bfdb50e2f638b1df9dba68ad478c4ad84a819deba58acb2465e2c16afa0aec0ec0463ee5f677a9fcc3ab1a8eebafd6be1c7700498
-
C:\Users\Admin\Documents\Fiddler2\CustomMimeMappings.xmlFilesize
338B
MD57f107f3545b86fb8249523f58b4e5eac
SHA13c02ed862b0cbfb7a87dc62fa04402bb779b56fe
SHA256242f53e1a4a8000e41b2fb8eb6a274edf445bf9670ceba42eb7b97ed60ad7e22
SHA51299f49545362bdb486d5f3d4b2d0b52c66fd1f8ab7b8f9930bccaac1bbceeef846e13e28b3a52fb6d0902912608534823a6c201a300f066d689970f032d4c5701
-
C:\Users\Admin\Documents\Fiddler2\Scripts\BrowserPAC.jsFilesize
281B
MD598fdeef2a46dc15e8003f4011e3d0672
SHA10bdf43d67f01b1fe37f28ea7d1d74ebcdac5d0ef
SHA2564a8cd7eaa74ae85c16255c6c4ce0829f6db44815e07cf9af88cbd2ffdd84d4f0
SHA512cf554c86b1731e3a4738d994e6a7097e96ee54c041c0fac196a551121b7450aeb26d0b12918332e8fe4d7d8943ff5868ddfa2827c026a976bba4202b21b78e27
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\d12b539b25fd704b7b7ae29b10af66db\EnableLoopback.ni.exeFilesize
160KB
MD5e6c14393c99958e451ccdc531f17f652
SHA13925d44b95e8cf094e26b1d2476079c69c9e19aa
SHA2560ee22d54805576b590b8b75dde89043e2a7bdc8bd45322b9712e5a07a82143a3
SHA512a08a18a14712e61b8c6d6c1ca3f9b6be32cd252ccd492e7c871432c384f141ebf562c24b3a09be2062d555b91e6f0ec79f2983949d5293219db51c8fb7b18477
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\3b5383dd37da6f390d4d4ad42fcb5b32\Microsoft.JScript.ni.dllFilesize
2.7MB
MD589bedf9727f90a9f8e15826df509d7b9
SHA1f0c590abc08815c38aa522afee4438d69a78c490
SHA256224851ed49ed39bd526910bd252a6f53cc32c0067d80066a30f84329500ba929
SHA5124d300c96062d5853e644675059afb4687246a610d5c86cfe1aa7380e4d69da255e743009339d59b4d00e79991cd8251330a99064447cde28f08821c3dbe448b9
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\3b5383dd37da6f390d4d4ad42fcb5b32\Microsoft.JScript.ni.dll.auxFilesize
580B
MD515d9528aaa8f3ef914a4ae5662f138eb
SHA1944e083df6082e372e81a5dfa7979f4d5e519ed3
SHA2565bcc2ba91c42bb47333af2d30a23d9009475e8710e06f82492e377aa6fe29d4e
SHA512fc22d60f9dc0feadae1a6ee296129abab2d6dd963df35416d6b9d36d00d22f4b2e7dfc2f111cec5d28c8625fec75b68f68ed4ab3fffb86a1c94b8f322a65049c
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dllFilesize
3.0MB
MD5b0bd1b2c367441f420d9cc270cf7fab6
SHA1bdd65767f9c8047125a86b66b5678d8d72a76911
SHA256447bfc33e8f3bc3d661200891933fed1bb28c402d1063e6838f55096ec9833aa
SHA512551becf8035964921fca26458e46cd32fadf1703e66724df5cc868447bb0b0c181f87eba1c3df1bece2a9a127aea78bcc2f00ad38ecd05d438119cd1a9ce8324
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll.auxFilesize
708B
MD5688ac15ac387cbac93d705be85b08492
SHA1a4fabce08bbe0fee991a8a1a8e8e62230f360ff2
SHA256ce64b26c005cfc1bcf6ac0153f1dbcae07f25934eab3363ff05a72a754992470
SHA512a756ea603d86a66b67163e3aa5d2325174a2748caf6b0eaa9f0600d42c297daa35aa5bfaf4962a1dedbae9437308d19571818cbd3e1542d7a7a26a4d20796074
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\18271de25c06b49b2aaa391461de2df6\System.Deployment.ni.dllFilesize
3.0MB
MD53385fdacfda1fc77da651550a705936d
SHA1207023bf3b3ff2c93e9368ba018d32bb11e47a8a
SHA25644a217d721c0fb7de3f52123ace1eeaf62f48f40f55bd816bb32c422d0939eec
SHA512bb8f38dc08b1983a5b5b1b6dac069364cec4f3a9a88fcf277cfdefac376a8c6207078938f064aacef1032f9a15cf9d21174aef4b94a89513fd65a2cfaaab5174
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\18271de25c06b49b2aaa391461de2df6\System.Deployment.ni.dll.auxFilesize
1KB
MD5b019b58a1fc23042c21fa5518b2c18d5
SHA1a594de6ae6ef0a22c44a5cfacb8e35891f5e557b
SHA2562014e4b8b8183db7940c5dbb1e27fbe3a3993d13b90c04f6286dbe17174e1a1e
SHA51226f9e8ace5821ae91f8a72ad0df19b9dc45f2b6028421f0fbaa7e8de8c65651792bc75d475d8098dde8150440ce14201aa418c91b1c4ad172286f93716d23837
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dllFilesize
314KB
MD550b28be2b84f9dd1258a346525f8c2e5
SHA1203abebaa5c22c9f6ac099d020711669e6655ed8
SHA2566c51e5a928f227bb64a7eb9e48089bca5e9bbef0d0329b971ebbf918335ee1ac
SHA512d5336827cdb202ab51583c32a45960ae43c56499dbe149ec0edb907f8f33e12800c7aa187a52a3c93e3f2ebcb677bed4e7e829e1df3fee05fe3fdc21948f571d
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll.auxFilesize
300B
MD55052a26ae1334e99f9c993f0ac477f5b
SHA1941e82d2397f79faf7707569927bb3dbea9ea34c
SHA256ec432d36bb95dcdb1876836b09ba1829c03a83c9b53afbb195c6fa0d7d91375f
SHA512eb5dce71049b099c5764fe449f529b5813aab3d86150331ae384c08973f0487f9a25e1f11498203baa0a093dc2961f6bb0f5d03a86ff9c39f050524c9d32ede2
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dllFilesize
345KB
MD535738b026183e92c1f7a6344cfa189fd
SHA1ccc1510ef4a88a010087321b8af89f0c0c29b6d8
SHA2564075d88d2ba1cff2a8ab9be66176045628d24cae370428e0128f8af3a77639fb
SHA512ab7100c26f60ae30a84ba3de31ca96c530e86e052ffc997fd7fd3144e2049fc0d188a3d075a123b6f728dc882beee3d6a35a086d19d7dad4d385e101382fc436
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dll.auxFilesize
644B
MD5caba9e7248016ec410e8346b3cf4f51b
SHA1f9e23982f25f1977b0f668090c92cedc783efc89
SHA256638feb99f77dec41e6acd96a76d0b48bbd710a3c25df09d20e226730517c5149
SHA5124577677bd631c76d33521a45de97f4d3e51badb6f859525f91f93abf8bdc86de9b1e27736636aaa5d1bbe677cc98b6d3aac93f873aaf6621fcf186c1274691e4
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dllFilesize
986KB
MD5e4b53e736786edcfbfc70f87c5ef4aad
SHA162cdd43c2d1f8ae9b28c484344e3fb7135a4e4d5
SHA2569ac6d5445caaacae6813243c787e8d67c974988acd1a4a5f564503fd36e91e46
SHA51242a3b1cc0b805674f48a8d7891ab5ecae33d5a2205059317ca5441e7de52f26eabb32e79a3040d7aa0e0333b19f80d93d25e1faa1dfe5cfb0ea39efba5767fde
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dll.auxFilesize
912B
MD5255a843ca54e88fd16d2befcc1bafb7a
SHA1aee7882de50a5cea1e4c2c2ddfaa4476f20a9be9
SHA2568cd849585fe99e63f28b49f1dae2d1b47a406268dcc5a161e58331a6a3cba3ed
SHA512666866c0d25d61dc04341cf95eb61969698cfafce232097e60cb0537ea2a35635e1e4986036e413fb51927187183aa2e64ecac7fbc26bac46998c0bd84f69e45
-
memory/520-22-0x000000001EFC0000-0x000000001EFCC000-memory.dmpFilesize
48KB
-
memory/520-6-0x000000001E9F0000-0x000000001EA14000-memory.dmpFilesize
144KB
-
memory/520-0-0x00007FFFE3223000-0x00007FFFE3225000-memory.dmpFilesize
8KB
-
memory/520-2-0x00007FFFE3220000-0x00007FFFE3CE1000-memory.dmpFilesize
10.8MB
-
memory/520-3-0x000000001E000000-0x000000001E050000-memory.dmpFilesize
320KB
-
memory/520-1-0x00000000005F0000-0x0000000000766000-memory.dmpFilesize
1.5MB
-
memory/520-77-0x00007FFFE3220000-0x00007FFFE3CE1000-memory.dmpFilesize
10.8MB
-
memory/520-4-0x000000001DFB0000-0x000000001DFC6000-memory.dmpFilesize
88KB
-
memory/520-32-0x00007FFFE3220000-0x00007FFFE3CE1000-memory.dmpFilesize
10.8MB
-
memory/520-5-0x000000001EA40000-0x000000001EA88000-memory.dmpFilesize
288KB
-
memory/520-31-0x000000001C480000-0x000000001C4D0000-memory.dmpFilesize
320KB
-
memory/520-27-0x000000001EFE0000-0x000000001EFE8000-memory.dmpFilesize
32KB
-
memory/520-26-0x000000001FE10000-0x00000000203B4000-memory.dmpFilesize
5.6MB
-
memory/520-18-0x000000001F5F0000-0x000000001F79E000-memory.dmpFilesize
1.7MB
-
memory/520-7-0x00007FFFE3220000-0x00007FFFE3CE1000-memory.dmpFilesize
10.8MB
-
memory/520-8-0x00007FFFE3220000-0x00007FFFE3CE1000-memory.dmpFilesize
10.8MB
-
memory/520-25-0x000000001F7A0000-0x000000001F85A000-memory.dmpFilesize
744KB
-
memory/520-9-0x00007FFFE3220000-0x00007FFFE3CE1000-memory.dmpFilesize
10.8MB
-
memory/520-19-0x000000001F140000-0x000000001F15A000-memory.dmpFilesize
104KB
-
memory/520-10-0x000000001F120000-0x000000001F12C000-memory.dmpFilesize
48KB
-
memory/520-20-0x000000001EF30000-0x000000001EF38000-memory.dmpFilesize
32KB
-
memory/520-23-0x000000001F470000-0x000000001F496000-memory.dmpFilesize
152KB
-
memory/520-24-0x000000001EFD0000-0x000000001EFDE000-memory.dmpFilesize
56KB
-
memory/520-11-0x000000001F180000-0x000000001F1CA000-memory.dmpFilesize
296KB
-
memory/520-15-0x000000001EF70000-0x000000001EFB2000-memory.dmpFilesize
264KB
-
memory/520-12-0x000000001F130000-0x000000001F13C000-memory.dmpFilesize
48KB
-
memory/520-17-0x000000001EF20000-0x000000001EF30000-memory.dmpFilesize
64KB
-
memory/520-13-0x00007FFFE3220000-0x00007FFFE3CE1000-memory.dmpFilesize
10.8MB
-
memory/520-14-0x00007FFFE3220000-0x00007FFFE3CE1000-memory.dmpFilesize
10.8MB
-
memory/520-21-0x000000001EF60000-0x000000001EF68000-memory.dmpFilesize
32KB
-
memory/520-16-0x000000001EF40000-0x000000001EF52000-memory.dmpFilesize
72KB
-
memory/972-322-0x0000064443EC0000-0x0000064443F11000-memory.dmpFilesize
324KB
-
memory/2188-592-0x0000000000EC0000-0x0000000000EC8000-memory.dmpFilesize
32KB
-
memory/2632-374-0x0000025CEC580000-0x0000025CEC58A000-memory.dmpFilesize
40KB
-
memory/2632-376-0x0000025CEC5E0000-0x0000025CEC5E8000-memory.dmpFilesize
32KB
-
memory/2632-380-0x0000025CECA40000-0x0000025CECA66000-memory.dmpFilesize
152KB
-
memory/2632-368-0x0000025CEC560000-0x0000025CEC572000-memory.dmpFilesize
72KB
-
memory/2632-370-0x0000025CEC550000-0x0000025CEC560000-memory.dmpFilesize
64KB
-
memory/2632-382-0x0000025CEC620000-0x0000025CEC62E000-memory.dmpFilesize
56KB
-
memory/2632-372-0x0000025CED170000-0x0000025CED34A000-memory.dmpFilesize
1.9MB
-
memory/2632-378-0x0000025CEC5F0000-0x0000025CEC5FC000-memory.dmpFilesize
48KB
-
memory/2632-366-0x0000025CEC590000-0x0000025CEC5D2000-memory.dmpFilesize
264KB
-
memory/2632-308-0x0000025CCE090000-0x0000025CCE412000-memory.dmpFilesize
3.5MB
-
memory/2632-343-0x0000025CE8A70000-0x0000025CE8A7C000-memory.dmpFilesize
48KB
-
memory/2632-408-0x0000025CECAE0000-0x0000025CECAF0000-memory.dmpFilesize
64KB
-
memory/3204-288-0x0000064449A20000-0x0000064449B18000-memory.dmpFilesize
992KB
-
memory/4112-943-0x0000022444420000-0x0000022444438000-memory.dmpFilesize
96KB
-
memory/4352-273-0x0000064488000000-0x000006448802B000-memory.dmpFilesize
172KB
-
memory/4520-179-0x000001D2F4580000-0x000001D2F4598000-memory.dmpFilesize
96KB
-
memory/4520-183-0x000001D2F64A0000-0x000001D2F6552000-memory.dmpFilesize
712KB
-
memory/4520-185-0x000001D2F5F10000-0x000001D2F5F32000-memory.dmpFilesize
136KB
-
memory/4520-182-0x000001D2F5EE0000-0x000001D2F5F02000-memory.dmpFilesize
136KB
-
memory/4520-181-0x000001D2F6570000-0x000001D2F66F6000-memory.dmpFilesize
1.5MB
-
memory/4664-180-0x0000000000EC0000-0x0000000000EC8000-memory.dmpFilesize
32KB
-
memory/4804-309-0x00000644451A0000-0x00000644454A4000-memory.dmpFilesize
3.0MB
-
memory/4812-757-0x00000223329B0000-0x0000022332A2E000-memory.dmpFilesize
504KB
-
memory/5232-385-0x0000064445320000-0x000006444561E000-memory.dmpFilesize
3.0MB
-
memory/5240-344-0x0000064449980000-0x00000644499D8000-memory.dmpFilesize
352KB
-
memory/5456-439-0x000006443CC40000-0x000006443CEF8000-memory.dmpFilesize
2.7MB
-
memory/5528-802-0x00000253E4BA0000-0x00000253E4C1E000-memory.dmpFilesize
504KB
-
memory/5736-482-0x00000644C00C0000-0x00000644C10E9000-memory.dmpFilesize
16.2MB
-
memory/5736-480-0x000001EB01AE0000-0x000001EB01B06000-memory.dmpFilesize
152KB
-
memory/5780-435-0x00000203780E0000-0x0000020378100000-memory.dmpFilesize
128KB
-
memory/5780-707-0x000001E376450000-0x000001E37645A000-memory.dmpFilesize
40KB
-
memory/5780-433-0x0000020378210000-0x0000020378332000-memory.dmpFilesize
1.1MB
-
memory/5780-425-0x000002035F6B0000-0x000002035F6CC000-memory.dmpFilesize
112KB
-
memory/5780-409-0x0000020377FE0000-0x0000020378088000-memory.dmpFilesize
672KB
-
memory/5780-400-0x0000020377C50000-0x0000020377FD2000-memory.dmpFilesize
3.5MB
-
memory/5780-437-0x0000020378100000-0x0000020378112000-memory.dmpFilesize
72KB
-
memory/5780-424-0x000002035F860000-0x000002035F89A000-memory.dmpFilesize
232KB
-
memory/5780-434-0x0000020377BC0000-0x0000020377C3E000-memory.dmpFilesize
504KB
-
memory/5780-401-0x0000020378510000-0x0000020378A38000-memory.dmpFilesize
5.2MB
-
memory/5780-432-0x0000020377B60000-0x0000020377B7A000-memory.dmpFilesize
104KB
-
memory/5780-403-0x00000203779C0000-0x0000020377A36000-memory.dmpFilesize
472KB
-
memory/5780-431-0x0000020377B40000-0x0000020377B5E000-memory.dmpFilesize
120KB
-
memory/5780-426-0x0000020378F10000-0x00000203793DC000-memory.dmpFilesize
4.8MB
-
memory/5780-427-0x0000020377A40000-0x0000020377A52000-memory.dmpFilesize
72KB
-
memory/5780-784-0x000001EB78F20000-0x000001EB796C6000-memory.dmpFilesize
7.6MB
-
memory/5780-684-0x000001E3578E0000-0x000001E357C6A000-memory.dmpFilesize
3.5MB
-
memory/5780-428-0x0000020377A60000-0x0000020377A80000-memory.dmpFilesize
128KB
-
memory/5780-700-0x000001E3764A0000-0x000001E3764E2000-memory.dmpFilesize
264KB
-
memory/5780-701-0x000001E376470000-0x000001E376482000-memory.dmpFilesize
72KB
-
memory/5780-706-0x000001E377010000-0x000001E3771EA000-memory.dmpFilesize
1.9MB
-
memory/5780-711-0x000001E376510000-0x000001E37651E000-memory.dmpFilesize
56KB
-
memory/5780-710-0x000001E376540000-0x000001E376566000-memory.dmpFilesize
152KB
-
memory/5780-709-0x000001E376490000-0x000001E37649C000-memory.dmpFilesize
48KB
-
memory/5780-708-0x000001E376460000-0x000001E376468000-memory.dmpFilesize
32KB
-
memory/5780-436-0x0000020378140000-0x000002037817C000-memory.dmpFilesize
240KB
-
memory/5780-705-0x000001E376350000-0x000001E376360000-memory.dmpFilesize
64KB
-
memory/5780-430-0x0000020378090000-0x00000203780D4000-memory.dmpFilesize
272KB
-
memory/5780-429-0x0000020377B80000-0x0000020377BB2000-memory.dmpFilesize
200KB
-
memory/6044-685-0x0000020EFA4A0000-0x0000020EFA51E000-memory.dmpFilesize
504KB
-
memory/6044-683-0x0000020EF9FA0000-0x0000020EFA052000-memory.dmpFilesize
712KB
-
memory/6044-682-0x0000020EF9E60000-0x0000020EF9EDA000-memory.dmpFilesize
488KB
-
memory/6044-681-0x0000020EFA070000-0x0000020EFA3FA000-memory.dmpFilesize
3.5MB