Overview

overview

9

Static

static

3

FiddlerSetup.exe

windows7-x64

4

FiddlerSetup.exe

windows10-2004-x64

$PLUGINSDI...up.exe

windows7-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analytics.dll

windows7-x64

1

Analytics.dll

windows10-2004-x64

1

Be.Windows...ox.dll

windows7-x64

1

Be.Windows...ox.dll

windows10-2004-x64

1

DotNetZip.dll

windows7-x64

1

DotNetZip.dll

windows10-2004-x64

1

EnableLoopback.exe

windows7-x64

1

EnableLoopback.exe

windows10-2004-x64

5

ExecAction.exe

windows7-x64

1

ExecAction.exe

windows10-2004-x64

1

FSE2.exe

windows7-x64

3

FSE2.exe

windows10-2004-x64

3

Fiddler.exe

windows7-x64

6

Fiddler.exe

windows10-2004-x64

9

ForceCPU.exe

windows7-x64

1

ForceCPU.exe

windows10-2004-x64

1

GA.Analyti...or.dll

windows7-x64

1

GA.Analyti...or.dll

windows10-2004-x64

1

ImportExpo...ts.dll

windows7-x64

1

ImportExpo...ts.dll

windows10-2004-x64

1

ImportExpo...rt.dll

windows7-x64

1

ImportExpo...rt.dll

windows10-2004-x64

1

Inspectors...on.dll

windows7-x64

1

Inspectors...on.dll

windows10-2004-x64

1

Inspectors...or.dll

windows7-x64

1

Inspectors...or.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2024 10:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fiddler.exe

  • Size

    1.5MB

  • MD5

    a5b8c0f51898e9d55e4b3aa7904adf32

  • SHA1

    5eaff276409670f3e8ce4cbb17086f1362d18868

  • SHA256

    5e3006a575d4acce2e5e3cec684d7e9a1fbc3efbb73f06f5c4604faebf014ad3

  • SHA512

    6abf01f09c8c6e430118de27322f4d67bf25018633544556630c47bfa9adc2c1fd186c94119a0b9be6c2d8dead9bbb46a8b1185fe02da2085601b0e9613ad427

  • SSDEEP

    12288:nkcQS3I8s758yMQhaTqylrpxVKXgDPL5daRtriRStgz+/iUFu0o3AklQvleUl053:rOrc7WeJ3WZwo343m+pmjtSDN

Score
9/10
discoveryevasionpersistenceprivilege_escalation

Malware Config

Signatures

  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion
  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 4 IoCs
    evasion
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 28 IoCs
  • Modifies system certificate store 2 TTPs 11 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 50 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fiddler.exe
    "C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"
    1⤵
    • Checks computer location settings
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\Desktop\FiddlerClassicAutoUpdater.exe
      "C:\Users\Admin\Desktop\FiddlerClassicAutoUpdater.exe" /AUTOUPDATE
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Users\Admin\AppData\Local\Temp\nsi721F.tmp\FiddlerSetup.exe
        "C:\Users\Admin\AppData\Local\Temp\nsi721F.tmp\FiddlerSetup.exe" /AUTOUPDATE /D=
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:5116
        • C:\Windows\SysWOW64\netsh.exe
          "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"
          4⤵
          • Modifies Windows Firewall
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          PID:2028
        • C:\Windows\SysWOW64\netsh.exe
          "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"
          4⤵
          • Modifies Windows Firewall
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          PID:3384
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
          4⤵
            PID:4596
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1bc -Pipe 1c8 -Comment "NGen Worker Process"
              5⤵
              • Loads dropped DLL
              PID:5244
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 258 -Pipe 260 -Comment "NGen Worker Process"
              5⤵
              • Loads dropped DLL
              PID:5632
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 288 -InterruptEvent 0 -NGENProcess 278 -Pipe 280 -Comment "NGen Worker Process"
              5⤵
              • Drops file in Windows directory
              • Loads dropped DLL
              PID:5640
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 0 -NGENProcess 25c -Pipe 270 -Comment "NGen Worker Process"
              5⤵
              • Drops file in Windows directory
              • Loads dropped DLL
              PID:5288
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2cc -Comment "NGen Worker Process"
              5⤵
              • Loads dropped DLL
              PID:1536
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 2d4 -Comment "NGen Worker Process"
              5⤵
              • Drops file in Windows directory
              • Loads dropped DLL
              PID:5904
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 0 -NGENProcess 2c8 -Pipe 284 -Comment "NGen Worker Process"
              5⤵
              • Drops file in Windows directory
              • Loads dropped DLL
              PID:5480
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 0 -NGENProcess 2bc -Pipe 2a4 -Comment "NGen Worker Process"
              5⤵
              • Drops file in Windows directory
              • Loads dropped DLL
              PID:2336
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 2f8 -Pipe 2e8 -Comment "NGen Worker Process"
              5⤵
              • Drops file in Windows directory
              • Loads dropped DLL
              PID:5560
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 2dc -Pipe 2ec -Comment "NGen Worker Process"
              5⤵
              • Drops file in Windows directory
              PID:2368
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2dc -Pipe 300 -Comment "NGen Worker Process"
              5⤵
              • Drops file in Windows directory
              PID:5228
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2c8 -Comment "NGen Worker Process"
              5⤵
              • Drops file in Windows directory
              PID:2836
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 0 -NGENProcess 318 -Pipe 2c8 -Comment "NGen Worker Process"
              5⤵
              • Drops file in Windows directory
              PID:644
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 2e4 -Pipe 2bc -Comment "NGen Worker Process"
              5⤵
                PID:5236
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
              "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"
              4⤵
                PID:4496
                • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1bc -Pipe 1c8 -Comment "NGen Worker Process"
                  5⤵
                    PID:1448
                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 278 -InterruptEvent 0 -NGENProcess 274 -Pipe 1cc -Comment "NGen Worker Process"
                    5⤵
                    • Drops file in Windows directory
                    • Loads dropped DLL
                    PID:3212
                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 284 -InterruptEvent 0 -NGENProcess 26c -Pipe 27c -Comment "NGen Worker Process"
                    5⤵
                    • Drops file in Windows directory
                    • Loads dropped DLL
                    PID:376
                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 0 -NGENProcess 1bc -Pipe 284 -Comment "NGen Worker Process"
                    5⤵
                    • Drops file in Windows directory
                    • Loads dropped DLL
                    PID:3864
                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 0 -NGENProcess 2a8 -Pipe 2a0 -Comment "NGen Worker Process"
                    5⤵
                    • Loads dropped DLL
                    PID:5044
                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 278 -InterruptEvent 0 -NGENProcess 2a8 -Pipe 2c8 -Comment "NGen Worker Process"
                    5⤵
                    • Drops file in Windows directory
                    • Loads dropped DLL
                    PID:3844
                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 278 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 2cc -Comment "NGen Worker Process"
                    5⤵
                    • Drops file in Windows directory
                    • Loads dropped DLL
                    PID:2360
                • C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper
                  "C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\Admin\AppData\Local\Programs\Fiddler"
                  4⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:4460
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Fiddler2FirstRun
                  4⤵
                    PID:664
                  • C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
                    C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe -startedByUpdate
                    4⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Modifies Internet Explorer settings
                    • Modifies system certificate store
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    PID:3460
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Win8EL
                      5⤵
                        PID:5568
                      • C:\Users\Admin\Desktop\FiddlerClassicAutoUpdater.exe
                        "C:\Users\Admin\Desktop\FiddlerClassicAutoUpdater.exe" /AUTOUPDATE
                        5⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Suspicious use of WriteProcessMemory
                        PID:5832
                        • C:\Users\Admin\AppData\Local\Temp\nsbD3E6.tmp\FiddlerSetup.exe
                          "C:\Users\Admin\AppData\Local\Temp\nsbD3E6.tmp\FiddlerSetup.exe" /AUTOUPDATE /D=
                          6⤵
                          • Checks computer location settings
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • System Location Discovery: System Language Discovery
                          • Modifies Internet Explorer settings
                          • Modifies registry class
                          • Suspicious use of WriteProcessMemory
                          PID:5264
                          • C:\Windows\SysWOW64\netsh.exe
                            "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"
                            7⤵
                            • Modifies Windows Firewall
                            • Event Triggered Execution: Netsh Helper DLL
                            • System Location Discovery: System Language Discovery
                            PID:1204
                          • C:\Windows\SysWOW64\netsh.exe
                            "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"
                            7⤵
                            • Modifies Windows Firewall
                            • Event Triggered Execution: Netsh Helper DLL
                            • System Location Discovery: System Language Discovery
                            PID:4824
                          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
                            "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
                            7⤵
                              PID:5464
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1bc -Pipe 1c8 -Comment "NGen Worker Process"
                                8⤵
                                • Loads dropped DLL
                                PID:5360
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 278 -Pipe 280 -Comment "NGen Worker Process"
                                8⤵
                                • Loads dropped DLL
                                PID:5544
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 290 -Pipe 298 -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:5704
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 278 -Pipe 290 -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:5644
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 0 -NGENProcess 2c8 -Pipe 2c4 -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:3264
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2bc -InterruptEvent 0 -NGENProcess 2c8 -Pipe 2cc -Comment "NGen Worker Process"
                                8⤵
                                • Loads dropped DLL
                                PID:2484
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 27c -Pipe 260 -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:4780
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 2bc -Pipe 27c -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:5920
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 2c8 -Pipe 2b4 -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:5556
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2bc -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:5216
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 278 -Pipe 2a4 -Comment "NGen Worker Process"
                                8⤵
                                • Loads dropped DLL
                                PID:3524
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 2e0 -Pipe 2dc -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:5748
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2e0 -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:3996
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2fc -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:6056
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 2c8 -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                • Loads dropped DLL
                                PID:1808
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 270 -Pipe 2f8 -Comment "NGen Worker Process"
                                8⤵
                                • Drops file in Windows directory
                                PID:5416
                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 278 -Comment "NGen Worker Process"
                                8⤵
                                  PID:4088
                                • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 270 -Pipe 304 -Comment "NGen Worker Process"
                                  8⤵
                                    PID:4056
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 310 -InterruptEvent 0 -NGENProcess 270 -Pipe 314 -Comment "NGen Worker Process"
                                    8⤵
                                    • Drops file in Windows directory
                                    PID:5412
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 2f4 -Comment "NGen Worker Process"
                                    8⤵
                                    • Drops file in Windows directory
                                    PID:4376
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2d8 -Pipe 294 -Comment "NGen Worker Process"
                                    8⤵
                                    • Drops file in Windows directory
                                    PID:1020
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 30c -Comment "NGen Worker Process"
                                    8⤵
                                    • Drops file in Windows directory
                                    PID:3024
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 308 -Pipe 28c -Comment "NGen Worker Process"
                                    8⤵
                                    • Drops file in Windows directory
                                    PID:664
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 318 -Pipe 32c -Comment "NGen Worker Process"
                                    8⤵
                                    • Drops file in Windows directory
                                    PID:2928
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 330 -Pipe 334 -Comment "NGen Worker Process"
                                    8⤵
                                    • Drops file in Windows directory
                                    PID:4780
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 330 -Pipe 334 -Comment "NGen Worker Process"
                                    8⤵
                                    • Drops file in Windows directory
                                    PID:2564
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 34c -InterruptEvent 0 -NGENProcess 354 -Pipe 360 -Comment "NGen Worker Process"
                                    8⤵
                                      PID:5672
                                    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 0 -NGENProcess 368 -Pipe 2d0 -Comment "NGen Worker Process"
                                      8⤵
                                      • Drops file in Windows directory
                                      PID:5520
                                    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 36c -Pipe 378 -Comment "NGen Worker Process"
                                      8⤵
                                      • Drops file in Windows directory
                                      PID:6084
                                    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 3a0 -Pipe 3a8 -Comment "NGen Worker Process"
                                      8⤵
                                      • Drops file in Windows directory
                                      PID:5556
                                    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 3c0 -Pipe 3c4 -Comment "NGen Worker Process"
                                      8⤵
                                      • Drops file in Windows directory
                                      PID:2748
                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
                                    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"
                                    7⤵
                                      PID:1488
                                      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess a4 -Pipe 1c8 -Comment "NGen Worker Process"
                                        8⤵
                                        • Loads dropped DLL
                                        PID:5744
                                      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 280 -Pipe 288 -Comment "NGen Worker Process"
                                        8⤵
                                        • Loads dropped DLL
                                        PID:5432
                                      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 294 -InterruptEvent 0 -NGENProcess 28c -Pipe 290 -Comment "NGen Worker Process"
                                        8⤵
                                        • Drops file in Windows directory
                                        PID:1804
                                    • C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper
                                      "C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\Admin\AppData\Local\Programs\Fiddler"
                                      7⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:5568
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Fiddler2Update
                                      7⤵
                                        PID:1228
                                      • C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
                                        C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe -startedByUpdate
                                        7⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of SetWindowsHookEx
                                        • Suspicious use of WriteProcessMemory
                                        PID:3368
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Win8EL
                                          8⤵
                                            PID:5668
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4348,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:8
                              1⤵
                                PID:3868
                              • C:\Windows\system32\wbem\WmiApSrv.exe
                                C:\Windows\system32\wbem\WmiApSrv.exe
                                1⤵
                                  PID:2440
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4692,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=4716 /prefetch:1
                                  1⤵
                                    PID:2036
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4700,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:1
                                    1⤵
                                      PID:4120
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5572,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
                                      1⤵
                                        PID:4268
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5712,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
                                        1⤵
                                          PID:3636
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6004,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:1
                                          1⤵
                                            PID:2780
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6284,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:1
                                            1⤵
                                              PID:1396
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6296,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:8
                                              1⤵
                                                PID:1884
                                              • C:\Windows\system32\wbem\WmiApSrv.exe
                                                C:\Windows\system32\wbem\WmiApSrv.exe
                                                1⤵
                                                  PID:5336
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6768,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6840 /prefetch:8
                                                  1⤵
                                                    PID:5800
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6756,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8
                                                    1⤵
                                                    • Modifies registry class
                                                    PID:5808
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=4740,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:1
                                                    1⤵
                                                      PID:5996
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5716,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7416 /prefetch:1
                                                      1⤵
                                                        PID:5868
                                                      • C:\Windows\system32\wbem\WmiApSrv.exe
                                                        C:\Windows\system32\wbem\WmiApSrv.exe
                                                        1⤵
                                                          PID:5404
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=7112,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7372 /prefetch:1
                                                          1⤵
                                                            PID:1204
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=5892,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7528 /prefetch:1
                                                            1⤵
                                                              PID:5448
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=3576,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6396 /prefetch:1
                                                              1⤵
                                                                PID:5660
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7468,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=7692 /prefetch:1
                                                                1⤵
                                                                  PID:4088
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7728,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:1
                                                                  1⤵
                                                                    PID:4008
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6556,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
                                                                    1⤵
                                                                      PID:3368
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=7824,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1
                                                                      1⤵
                                                                        PID:5532
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=5776,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:1
                                                                        1⤵
                                                                          PID:896

                                                                        Network

                                                                        MITRE ATT&CK Enterprise v15

                                                                        Replay Monitor

                                                                        Loading Replay Monitor...

                                                                        Downloads

                                                                        • C:\USERS\ADMIN\APPDATA\LOCAL\PROGRAMS\FIDDLER\PLUGINS\NETWORKCONNECTIONS\TELERIK.NETWORKCONNECTIONS.WINDOWS.DLL
                                                                          Filesize

                                                                          33KB

                                                                          MD5

                                                                          5889357424d717c8629c8bfabcd0be50

                                                                          SHA1

                                                                          87e7047a40e24bd5ac23f89e072ee39a14a53023

                                                                          SHA256

                                                                          3564b25b24569b8d8a0128f2f4bddec89c0b8986da7542d9c64aac730360a600

                                                                          SHA512

                                                                          1af458742cefd4730d64b19ecc05460354f0e47a79cdcd7794877aa0f6c56cfb92f37a0daf66fedaec2a579eb0187d774b7d5ba1fff65d6ab1504df4c3668fad

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Fiddler.exe.log
                                                                          Filesize

                                                                          2KB

                                                                          MD5

                                                                          8051a06466cf771358d5dda7359ac708

                                                                          SHA1

                                                                          709399112bf25fbe885fd3130703158e983777ff

                                                                          SHA256

                                                                          723f88ba2be4daa9612df65fd2fb43e5236a8a7ab8e55f06072f5e0d74cccb92

                                                                          SHA512

                                                                          3b8dcdf74d6175e833ba920579acbee69246cd239c2317df313e9fcd57c6a0b6f5d754aa585285c89330af00d265050b3f06b95f85878fff111b820e40021fb1

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Analytics.dll
                                                                          Filesize

                                                                          32KB

                                                                          MD5

                                                                          1c2bd080b0e972a3ee1579895ea17b42

                                                                          SHA1

                                                                          a09454bc976b4af549a6347618f846d4c93b769b

                                                                          SHA256

                                                                          166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29

                                                                          SHA512

                                                                          946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Analytics.pdb
                                                                          Filesize

                                                                          47KB

                                                                          MD5

                                                                          f84fb6cd84b5d07e3de4d78d38f388ff

                                                                          SHA1

                                                                          0b31f09eeb1af0681614c2f9f90d98b541df580f

                                                                          SHA256

                                                                          03ca5a20d36bbc0aea28aa3184d65b322cecc3080d55a975cdf0f5d31199829d

                                                                          SHA512

                                                                          03fa13b39d4fae8bc83b4f37cf24aafc8c4a12a5db0462968ae6a0c96232d727df9264d190ff641115921e350a1981ad518a4740c20e54c433b2f2065522ad52

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\DotNetZip.dll
                                                                          Filesize

                                                                          449KB

                                                                          MD5

                                                                          11bbdf80d756b3a877af483195c60619

                                                                          SHA1

                                                                          99aca4f325d559487abc51b0d2ebd4dca62c9462

                                                                          SHA256

                                                                          698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1

                                                                          SHA512

                                                                          ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe
                                                                          Filesize

                                                                          82KB

                                                                          MD5

                                                                          ea240c9d733ad54a79faaca19ba8d376

                                                                          SHA1

                                                                          2c1d1b3aa6aec6e6e7af7f64637029971a37ba77

                                                                          SHA256

                                                                          2c2aa55ab99b5a34eb78ded93e46c4d5fef44077847281e124473c20de5cf165

                                                                          SHA512

                                                                          d3815bf7b5af7aa5dbf717f404bdac9538adeaff57cf6ec38c3724d7179fb1f31231009941a671bdd15516e47ff346afa8738bc399c4e57cb840def6821f6464

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
                                                                          Filesize

                                                                          3.5MB

                                                                          MD5

                                                                          32cf2e7c6ae825d5f7cb2a7d39c2ee24

                                                                          SHA1

                                                                          262176d879e7727375025cae4aafc90698adad26

                                                                          SHA256

                                                                          d7ea71114bfe70383c1ac2be6dd19676805a0afb6e20c0ad3000018afad093e5

                                                                          SHA512

                                                                          a72e70f1a11d4443aedc56a2453cb3ed05bd8106b0e906364f23f01098a378440d2d86ac15f6d98ceedfe18b0a60d80f6806300b390c2969c3de97cb380b82c2

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
                                                                          Filesize

                                                                          3.5MB

                                                                          MD5

                                                                          dff22a12d0891465e4d674b9fe69a29b

                                                                          SHA1

                                                                          5802ad9409d47fe76b5b0092f08281e0dae0fe81

                                                                          SHA256

                                                                          a58ee0e258fb60c0a9cfd404c30c3644b5cd77ec0c2c8bb60535815b651606ed

                                                                          SHA512

                                                                          f40c22275fca90cc61b01f906d56d01ea9ea8e81860be136b1a4a9b29bbfbf512d946e096e5ff2f6a2294b065282285f16660f30fc89f964e6d1676d7551584a

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe.config
                                                                          Filesize

                                                                          261B

                                                                          MD5

                                                                          c2edc7b631abce6db98b978995561e57

                                                                          SHA1

                                                                          5b1e7a3548763cb6c30145065cfa4b85ed68eb31

                                                                          SHA256

                                                                          e59afc2818ad61c1338197a112c936a811c5341614f4ad9ad33d35c8356c0b14

                                                                          SHA512

                                                                          5bef4b5487ecb4226544ef0f68d17309cf64bfe52d5c64732480a10f94259b69d2646e4c1b22aa5c80143a4057ee17b06239ec131d5fe0af6c4ab30e351faba2

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.dll
                                                                          Filesize

                                                                          52KB

                                                                          MD5

                                                                          6f9e5c4b5662c7f8d1159edcba6e7429

                                                                          SHA1

                                                                          c7630476a50a953dab490931b99d2a5eca96f9f6

                                                                          SHA256

                                                                          e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790

                                                                          SHA512

                                                                          78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.pdb
                                                                          Filesize

                                                                          93KB

                                                                          MD5

                                                                          df9591879a5af2a8458fb9148e197313

                                                                          SHA1

                                                                          189df547db269f1694603eab40519ec0086fc326

                                                                          SHA256

                                                                          6c19ec08ffb13998ace51e1b531128af12cd47ccadff5e346176c6992c00a843

                                                                          SHA512

                                                                          89c8f7686048e3329d47bd7f6678cca880d1c2a704664a44276090ed2a5b6452d964c69e2d0161ec8b69586e3aae3c99f63445c22122a1b9bf532234f93af65c

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Inspectors\Standard.dll
                                                                          Filesize

                                                                          247KB

                                                                          MD5

                                                                          3d70b43bf339c0ee8a5b858aa3174cfa

                                                                          SHA1

                                                                          a0de61687cd2a72b91d6a4dbd2fed2fa202ac0ae

                                                                          SHA256

                                                                          ceb5f94b822655ea47babffff72763e2de2497135b473afbd47984d5fbcb4478

                                                                          SHA512

                                                                          6cc53d58292222862fe69da44e61a67d48cda6fbe02cdb8a55053889882278b01105d7752655eaa63db8ee06cd04fae33f3558db1be73d0470286051a0c39737

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Inspectors\SyntaxView.dll
                                                                          Filesize

                                                                          68KB

                                                                          MD5

                                                                          ae5a16a270723a069a3d219318639ae2

                                                                          SHA1

                                                                          b192159d2ef1807f0595c2ae0d5c0a15bd80b43b

                                                                          SHA256

                                                                          47745b08fec912dc59c54d18ede668261faa920f8cc9b38129b112dcddcbdcc6

                                                                          SHA512

                                                                          db589b02c2b076df91d858b8e0304f27dc216c2ca514bef5918d79848958a3d89d0dc243615ce9f6323ef01a19ab1dcb74786fc5a7dfa253634f88d689070697

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll
                                                                          Filesize

                                                                          647KB

                                                                          MD5

                                                                          5afda7c7d4f7085e744c2e7599279db3

                                                                          SHA1

                                                                          3a833eb7c6be203f16799d7b7ccd8b8c9d439261

                                                                          SHA256

                                                                          f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4

                                                                          SHA512

                                                                          7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Common.dll
                                                                          Filesize

                                                                          192KB

                                                                          MD5

                                                                          ac80e3ca5ec3ed77ef7f1a5648fd605a

                                                                          SHA1

                                                                          593077c0d921df0819d48b627d4a140967a6b9e0

                                                                          SHA256

                                                                          93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5

                                                                          SHA512

                                                                          3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Editor.dll
                                                                          Filesize

                                                                          816KB

                                                                          MD5

                                                                          eaa268802c633f27fcfc90fd0f986e10

                                                                          SHA1

                                                                          21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f

                                                                          SHA256

                                                                          fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54

                                                                          SHA512

                                                                          c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.dll
                                                                          Filesize

                                                                          228KB

                                                                          MD5

                                                                          3be64186e6e8ad19dc3559ee3c307070

                                                                          SHA1

                                                                          2f9e70e04189f6c736a3b9d0642f46208c60380a

                                                                          SHA256

                                                                          79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c

                                                                          SHA512

                                                                          7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Addon.dll
                                                                          Filesize

                                                                          47KB

                                                                          MD5

                                                                          2d94327624f5787df9d0e87dac28987f

                                                                          SHA1

                                                                          902450afd77bed60d508d482502c562ef332342f

                                                                          SHA256

                                                                          acc04fec692c7f5e6806fb14b8d3efa3d6670830c74a59d02613bc444db2dbda

                                                                          SHA512

                                                                          d93454e51c984488f24d255523a6453625063ac44dcddd42934e4cc9c10b9940a1f7d69689b224620d08e9a24d0e109a8346f23690d37993f9b4e3bf37831735

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Connection.dll
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          f368e19ccee6123b3e56db718359dc29

                                                                          SHA1

                                                                          eaa31f6792aa2c350d28dd0ff86ce79b37eab8f6

                                                                          SHA256

                                                                          2149bef279127adffc549f9311d6ec4f69b09492210f81147989d23663f2e6b7

                                                                          SHA512

                                                                          b4849e21fb1cfa3bcb9409884b88f52fa222bd6536df3a9117da6f5a8b9082b603b2f4a6e7575ddad8729a4519e7b87c8b8bff462a96362842781a6e3efc166c

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Protocol.dll
                                                                          Filesize

                                                                          23KB

                                                                          MD5

                                                                          19586252830f7bc0a71251c193a61b6a

                                                                          SHA1

                                                                          ff7ac037e191e361e5604290c54ceac44fa487af

                                                                          SHA256

                                                                          0c34d01a3afff47cb26140ea216185f4f8996c1972833449e18823abe2461a29

                                                                          SHA512

                                                                          ffa82623f6b1f361c144682d8b382abf3c8314804545796cf3d51a904fcdb06e8d8464a67fffb6d90df03eb739a688f40a91a004525aedfb64e6810732547ec4

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Utilities.dll
                                                                          Filesize

                                                                          18KB

                                                                          MD5

                                                                          df7b78acf4a4ff7dcc2b7071e10abf85

                                                                          SHA1

                                                                          27576ce153730f09a362484f2b9a5fcc82bebefe

                                                                          SHA256

                                                                          5d8319bfc4c920bcf655e49638ee894b7b39502aedff39e1758e7a112daa3f0b

                                                                          SHA512

                                                                          9151d89caa4b66993347897707175f7a1c6818935e6db170a8bcd72ff5f5f05f294c0ffb43a118e9c811ae35e07ec7b386b89bacc26d2d02ed8da400c11c9cf2

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\QWhale.Syntax.Parsers.dll
                                                                          Filesize

                                                                          1.1MB

                                                                          MD5

                                                                          9fe6e9cfedb661c61a2c70fa75008ec3

                                                                          SHA1

                                                                          0f6a0f4e7fc5552088d3f2dd0c0adf6f6c45b686

                                                                          SHA256

                                                                          acff23204982780d844f5b0cbfe0bf1849c1dfe782cb4084ba2bdc9bf53f026c

                                                                          SHA512

                                                                          a8864ee43628f667d6e0acf071fbba414ff768fe9dd302e6f9498432b3ce48a22deecfe438099a3caa684ad8e9588fae111de752c37c158eebd76e48ab67e02d

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\RulesTab2.dll
                                                                          Filesize

                                                                          35KB

                                                                          MD5

                                                                          6a4c918dad807e7e8b0e9cc75937377e

                                                                          SHA1

                                                                          c25acdf8c206d4b70981a94b4074b4fe5b3adcfd

                                                                          SHA256

                                                                          faa5995dccd9acb0c6805e5b6f1c529d151a35d6c881447d64a75df84bcc06d2

                                                                          SHA512

                                                                          946d1eccc616121625a91a008ea400891f773d3220b8c8b4da5597ec4e8fcba90641a07d16304ba69c03f148c6d2ef7ee247155b4c21559a4ed630b66efea437

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\SampleRules.js
                                                                          Filesize

                                                                          22KB

                                                                          MD5

                                                                          cb7bf8b2d0e15c0ecc290a242b9f743a

                                                                          SHA1

                                                                          f1215262c0729dc6700fd5158ef6e437e64a4821

                                                                          SHA256

                                                                          69cc5397e0fa9f99a0d21476da21147631a213f9f15652f8f182f34025abb500

                                                                          SHA512

                                                                          49202347079e366477ba67372b086f5064b108c0c40aa52dfd833dee821b87cc37d9929d5da4fefdd62a824ebf34c161107f08ea7b33d866d21c266ce99972fe

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\SimpleFilter.dll
                                                                          Filesize

                                                                          136KB

                                                                          MD5

                                                                          01a0b4a938e6a2f01a760f7944e0f21b

                                                                          SHA1

                                                                          3b026a4bedf5adeb2260915a5eb540d468cf3530

                                                                          SHA256

                                                                          b8b8dc59a51abe237f563e61aa870c695bc02d3374fde88e75c78e04767fee59

                                                                          SHA512

                                                                          b7315a3245f7ddbbcbe93ea3cb5dcd56e1153e7a763519de5347b60ad7045f8c894eb5b6cdf9186464c92dde62af0b5a8a18f909b1a3bad7096223fece75d9d7

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Scripts\Timeline.dll
                                                                          Filesize

                                                                          39KB

                                                                          MD5

                                                                          7afa2fa521c70af44c147a423783eef1

                                                                          SHA1

                                                                          30b09b0956961300ad6474d2e9af4365935b5bcc

                                                                          SHA256

                                                                          8a9d4fa0c9fdfa5680c812fb79bc79f6bef9285cc7bccf1fad2bb1bad09e5271

                                                                          SHA512

                                                                          490baccd6d08efdff67c3a7b6aa3d60757ee4ee0e412ed693f0b7ace93fccc441d4c7e744926a97b24c25ff0e7a9db4150cb94970706b26a2f952f2cdb091b2e

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper
                                                                          Filesize

                                                                          18KB

                                                                          MD5

                                                                          1289dc21a51fb89e685fa4c91764c00e

                                                                          SHA1

                                                                          b24210c4e71ace272a1984e171d50380687f73fe

                                                                          SHA256

                                                                          3e6f9a8b9dbd8adb521ce02a1c34e20350b3df438deb5bc4ada33c8cca6d25b9

                                                                          SHA512

                                                                          9cf63f042197470e622b97bf11845722c6338e69f08932b2f11eca576162235ff82c2def13bf42cea4c3b583ebd0342ca10ca6e5f2a3c53e4a6db5ae7006a0f2

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll
                                                                          Filesize

                                                                          34KB

                                                                          MD5

                                                                          798d6938ceab9271cdc532c0943e19dc

                                                                          SHA1

                                                                          5f86b4cd45d2f1ffae1153683ce50bc1fb0cd2e3

                                                                          SHA256

                                                                          fb90b6e76fdc617ec4ebf3544da668b1f6b06c1debdba369641c3950cab73dd2

                                                                          SHA512

                                                                          644fde362f032e6e479750696f62e535f3e712540840c4ca27e10bdfb79b2e5277c82a6d8f55f678e223e45f883776e7f39264c234bc6062fc1865af088c0c31

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_gn2suaigfhhkewccgutguryxxqm34vvg\5.0.20244.10953\3y54icdt.newcfg
                                                                          Filesize

                                                                          966B

                                                                          MD5

                                                                          f2b5d1ae570c4c534dd44bc085de7ce3

                                                                          SHA1

                                                                          72b6f967661d118c6a65b55b5c9cb4cb9166749b

                                                                          SHA256

                                                                          bb528955ba194fea2e5c4899981c4240b16469a3efbbff0a157484234cc56ac7

                                                                          SHA512

                                                                          eceba34833fa5f81f1ad414ed5952543fb8ac506447316d435d3112cbf3450bb84d32dfa6e5f11aa4cc627d425929baa397586232abbf335365cdb60577e7063

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_gn2suaigfhhkewccgutguryxxqm34vvg\5.0.20244.10953\user.config
                                                                          Filesize

                                                                          966B

                                                                          MD5

                                                                          bc30e1a0c547dde01ff4fd6dde4cbee5

                                                                          SHA1

                                                                          a9a484eb1fb6621db57905970fcce08f30123623

                                                                          SHA256

                                                                          7f987a74be12255ea21f762c01970d47f50351d59546db97e97e6ef546fc7079

                                                                          SHA512

                                                                          63f0d48098ee7fcceacd58fdcc3d0efac8ae02937b67d29587b714f88437e0f1a5f20194c1b00f04a6ebce01deb952d0f06cbe61b4657e81c491cd634b46e851

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\nsa8460.tmp\System.dll
                                                                          Filesize

                                                                          12KB

                                                                          MD5

                                                                          4add245d4ba34b04f213409bfe504c07

                                                                          SHA1

                                                                          ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

                                                                          SHA256

                                                                          9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

                                                                          SHA512

                                                                          1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\nsi721F.tmp\FiddlerSetup.exe
                                                                          Filesize

                                                                          4.3MB

                                                                          MD5

                                                                          5d96b95b066d797c7c468d125882ddcf

                                                                          SHA1

                                                                          8a130db5e4f6207b70939c5007d6689c22378c7d

                                                                          SHA256

                                                                          7ea1a09eeab47eb4658938bf4a023c6231de726ad076fde189c3383ffb4091fe

                                                                          SHA512

                                                                          fd746263b0aad96e90468aac664a3f02af20c2291e03138cf201d68036bd8ce26cc36b5fdc4e97ae5f93c65a5660de91988e3ee7156359de509fea9b4308550a

                                                                          Download Submit

                                                                        • C:\Users\Admin\Desktop\FiddlerClassicAutoUpdater.exe
                                                                          Filesize

                                                                          4.4MB

                                                                          MD5

                                                                          78537045a5e032d4ac93514f027c7a47

                                                                          SHA1

                                                                          5b6e705b20652c0cf39ee890013b9b8e8ad26b07

                                                                          SHA256

                                                                          06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c

                                                                          SHA512

                                                                          8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47

                                                                          Download Submit

                                                                        • C:\Users\Admin\Desktop\FiddlerClassicAutoUpdater.exe
                                                                          Filesize

                                                                          4.5MB

                                                                          MD5

                                                                          3bf913d9d7e297ff245316ee6e226576

                                                                          SHA1

                                                                          d8d20128584423a470edc989b3c04c65a6a8cbaf

                                                                          SHA256

                                                                          67b09c7abc5ef34998c82f3130830ccb182a62f415eecff47fc3a268fcef9832

                                                                          SHA512

                                                                          29f92100581967c3af5c4076fca117faf093136f7a626d068c1bcb0739a18ddb5ba8ce2b11c4b8edefd93fb2caee8f7e10bc3b9771a053bda218a4f90b670814

                                                                          Download Submit

                                                                        • C:\Users\Admin\Documents\Fiddler2\AutoResponder.xml
                                                                          Filesize

                                                                          248B

                                                                          MD5

                                                                          58918ac6dfd6799a3d2982c711e0e319

                                                                          SHA1

                                                                          e62c8412f2d48627c44312bb9424aa0dcaf23be6

                                                                          SHA256

                                                                          34c0b075ed996b49a0caedff8141701ca149c13ad89af89191fd936b7a72d1dc

                                                                          SHA512

                                                                          4fe86af48588ef222f31bf947716e28ec7b575383792278a365f706a1a479636903e62065e45b9b2d9202874c7053b03908ec093c3b82fbec2d28fc4c11c4496

                                                                          Download Submit

                                                                        • C:\Users\Admin\Documents\Fiddler2\CustomMimeMappings.xml
                                                                          Filesize

                                                                          338B

                                                                          MD5

                                                                          7f107f3545b86fb8249523f58b4e5eac

                                                                          SHA1

                                                                          3c02ed862b0cbfb7a87dc62fa04402bb779b56fe

                                                                          SHA256

                                                                          242f53e1a4a8000e41b2fb8eb6a274edf445bf9670ceba42eb7b97ed60ad7e22

                                                                          SHA512

                                                                          99f49545362bdb486d5f3d4b2d0b52c66fd1f8ab7b8f9930bccaac1bbceeef846e13e28b3a52fb6d0902912608534823a6c201a300f066d689970f032d4c5701

                                                                          Download Submit

                                                                        • C:\Users\Admin\Documents\Fiddler2\Scripts\BrowserPAC.js
                                                                          Filesize

                                                                          281B

                                                                          MD5

                                                                          98fdeef2a46dc15e8003f4011e3d0672

                                                                          SHA1

                                                                          0bdf43d67f01b1fe37f28ea7d1d74ebcdac5d0ef

                                                                          SHA256

                                                                          4a8cd7eaa74ae85c16255c6c4ce0829f6db44815e07cf9af88cbd2ffdd84d4f0

                                                                          SHA512

                                                                          cf554c86b1731e3a4738d994e6a7097e96ee54c041c0fac196a551121b7450aeb26d0b12918332e8fe4d7d8943ff5868ddfa2827c026a976bba4202b21b78e27

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\d12b539b25fd704b7b7ae29b10af66db\EnableLoopback.ni.exe
                                                                          Filesize

                                                                          160KB

                                                                          MD5

                                                                          e6c14393c99958e451ccdc531f17f652

                                                                          SHA1

                                                                          3925d44b95e8cf094e26b1d2476079c69c9e19aa

                                                                          SHA256

                                                                          0ee22d54805576b590b8b75dde89043e2a7bdc8bd45322b9712e5a07a82143a3

                                                                          SHA512

                                                                          a08a18a14712e61b8c6d6c1ca3f9b6be32cd252ccd492e7c871432c384f141ebf562c24b3a09be2062d555b91e6f0ec79f2983949d5293219db51c8fb7b18477

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\3b5383dd37da6f390d4d4ad42fcb5b32\Microsoft.JScript.ni.dll
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          89bedf9727f90a9f8e15826df509d7b9

                                                                          SHA1

                                                                          f0c590abc08815c38aa522afee4438d69a78c490

                                                                          SHA256

                                                                          224851ed49ed39bd526910bd252a6f53cc32c0067d80066a30f84329500ba929

                                                                          SHA512

                                                                          4d300c96062d5853e644675059afb4687246a610d5c86cfe1aa7380e4d69da255e743009339d59b4d00e79991cd8251330a99064447cde28f08821c3dbe448b9

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\3b5383dd37da6f390d4d4ad42fcb5b32\Microsoft.JScript.ni.dll.aux
                                                                          Filesize

                                                                          580B

                                                                          MD5

                                                                          15d9528aaa8f3ef914a4ae5662f138eb

                                                                          SHA1

                                                                          944e083df6082e372e81a5dfa7979f4d5e519ed3

                                                                          SHA256

                                                                          5bcc2ba91c42bb47333af2d30a23d9009475e8710e06f82492e377aa6fe29d4e

                                                                          SHA512

                                                                          fc22d60f9dc0feadae1a6ee296129abab2d6dd963df35416d6b9d36d00d22f4b2e7dfc2f111cec5d28c8625fec75b68f68ed4ab3fffb86a1c94b8f322a65049c

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll
                                                                          Filesize

                                                                          3.0MB

                                                                          MD5

                                                                          b0bd1b2c367441f420d9cc270cf7fab6

                                                                          SHA1

                                                                          bdd65767f9c8047125a86b66b5678d8d72a76911

                                                                          SHA256

                                                                          447bfc33e8f3bc3d661200891933fed1bb28c402d1063e6838f55096ec9833aa

                                                                          SHA512

                                                                          551becf8035964921fca26458e46cd32fadf1703e66724df5cc868447bb0b0c181f87eba1c3df1bece2a9a127aea78bcc2f00ad38ecd05d438119cd1a9ce8324

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll.aux
                                                                          Filesize

                                                                          708B

                                                                          MD5

                                                                          688ac15ac387cbac93d705be85b08492

                                                                          SHA1

                                                                          a4fabce08bbe0fee991a8a1a8e8e62230f360ff2

                                                                          SHA256

                                                                          ce64b26c005cfc1bcf6ac0153f1dbcae07f25934eab3363ff05a72a754992470

                                                                          SHA512

                                                                          a756ea603d86a66b67163e3aa5d2325174a2748caf6b0eaa9f0600d42c297daa35aa5bfaf4962a1dedbae9437308d19571818cbd3e1542d7a7a26a4d20796074

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\18271de25c06b49b2aaa391461de2df6\System.Deployment.ni.dll
                                                                          Filesize

                                                                          3.0MB

                                                                          MD5

                                                                          3385fdacfda1fc77da651550a705936d

                                                                          SHA1

                                                                          207023bf3b3ff2c93e9368ba018d32bb11e47a8a

                                                                          SHA256

                                                                          44a217d721c0fb7de3f52123ace1eeaf62f48f40f55bd816bb32c422d0939eec

                                                                          SHA512

                                                                          bb8f38dc08b1983a5b5b1b6dac069364cec4f3a9a88fcf277cfdefac376a8c6207078938f064aacef1032f9a15cf9d21174aef4b94a89513fd65a2cfaaab5174

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\18271de25c06b49b2aaa391461de2df6\System.Deployment.ni.dll.aux
                                                                          Filesize

                                                                          1KB

                                                                          MD5

                                                                          b019b58a1fc23042c21fa5518b2c18d5

                                                                          SHA1

                                                                          a594de6ae6ef0a22c44a5cfacb8e35891f5e557b

                                                                          SHA256

                                                                          2014e4b8b8183db7940c5dbb1e27fbe3a3993d13b90c04f6286dbe17174e1a1e

                                                                          SHA512

                                                                          26f9e8ace5821ae91f8a72ad0df19b9dc45f2b6028421f0fbaa7e8de8c65651792bc75d475d8098dde8150440ce14201aa418c91b1c4ad172286f93716d23837

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\a4659c51384187894a071aa2b9d900e7\System.EnterpriseServices.ni.dll
                                                                          Filesize

                                                                          993KB

                                                                          MD5

                                                                          f9746e198135ad1434e8a4d7a61011d7

                                                                          SHA1

                                                                          380246326d619f4ab314dd5166630909633b6e71

                                                                          SHA256

                                                                          be1475efa60535392e503a89eee5f1f4eea59f9ea577505e81bbee89e7d05d77

                                                                          SHA512

                                                                          ba91cb2ddfc0f416444761e74580633a86453a7814d3b3c2dd81d61e4b2d24a8dee916a9870bc297aa4a3be7e03ccd3d3570908afc724548ac01314e7e5a5cea

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll
                                                                          Filesize

                                                                          314KB

                                                                          MD5

                                                                          50b28be2b84f9dd1258a346525f8c2e5

                                                                          SHA1

                                                                          203abebaa5c22c9f6ac099d020711669e6655ed8

                                                                          SHA256

                                                                          6c51e5a928f227bb64a7eb9e48089bca5e9bbef0d0329b971ebbf918335ee1ac

                                                                          SHA512

                                                                          d5336827cdb202ab51583c32a45960ae43c56499dbe149ec0edb907f8f33e12800c7aa187a52a3c93e3f2ebcb677bed4e7e829e1df3fee05fe3fdc21948f571d

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll.aux
                                                                          Filesize

                                                                          300B

                                                                          MD5

                                                                          5052a26ae1334e99f9c993f0ac477f5b

                                                                          SHA1

                                                                          941e82d2397f79faf7707569927bb3dbea9ea34c

                                                                          SHA256

                                                                          ec432d36bb95dcdb1876836b09ba1829c03a83c9b53afbb195c6fa0d7d91375f

                                                                          SHA512

                                                                          eb5dce71049b099c5764fe449f529b5813aab3d86150331ae384c08973f0487f9a25e1f11498203baa0a093dc2961f6bb0f5d03a86ff9c39f050524c9d32ede2

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#\6f69c2900b13ef16144a4dd218db8baf\System.Runtime.Caching.ni.dll
                                                                          Filesize

                                                                          298KB

                                                                          MD5

                                                                          c883a838ed84b26639cfc3ca2127c2cf

                                                                          SHA1

                                                                          34c823cd7bc3142750166092c2ca09b70f404680

                                                                          SHA256

                                                                          3668b7461749367ef7338e6765611576b059f662a3dcd105750ff573d2483a7c

                                                                          SHA512

                                                                          d16f65fc48534b10c7c0481f7e7588db3a56b9504f7102629a20cba117277efecf547758533501008684d2f9f8a92469517435e400a10cf2db347a317c2459dc

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dll
                                                                          Filesize

                                                                          345KB

                                                                          MD5

                                                                          35738b026183e92c1f7a6344cfa189fd

                                                                          SHA1

                                                                          ccc1510ef4a88a010087321b8af89f0c0c29b6d8

                                                                          SHA256

                                                                          4075d88d2ba1cff2a8ab9be66176045628d24cae370428e0128f8af3a77639fb

                                                                          SHA512

                                                                          ab7100c26f60ae30a84ba3de31ca96c530e86e052ffc997fd7fd3144e2049fc0d188a3d075a123b6f728dc882beee3d6a35a086d19d7dad4d385e101382fc436

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
                                                                          Filesize

                                                                          644B

                                                                          MD5

                                                                          caba9e7248016ec410e8346b3cf4f51b

                                                                          SHA1

                                                                          f9e23982f25f1977b0f668090c92cedc783efc89

                                                                          SHA256

                                                                          638feb99f77dec41e6acd96a76d0b48bbd710a3c25df09d20e226730517c5149

                                                                          SHA512

                                                                          4577677bd631c76d33521a45de97f4d3e51badb6f859525f91f93abf8bdc86de9b1e27736636aaa5d1bbe677cc98b6d3aac93f873aaf6621fcf186c1274691e4

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dll
                                                                          Filesize

                                                                          986KB

                                                                          MD5

                                                                          e4b53e736786edcfbfc70f87c5ef4aad

                                                                          SHA1

                                                                          62cdd43c2d1f8ae9b28c484344e3fb7135a4e4d5

                                                                          SHA256

                                                                          9ac6d5445caaacae6813243c787e8d67c974988acd1a4a5f564503fd36e91e46

                                                                          SHA512

                                                                          42a3b1cc0b805674f48a8d7891ab5ecae33d5a2205059317ca5441e7de52f26eabb32e79a3040d7aa0e0333b19f80d93d25e1faa1dfe5cfb0ea39efba5767fde

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dll.aux
                                                                          Filesize

                                                                          912B

                                                                          MD5

                                                                          255a843ca54e88fd16d2befcc1bafb7a

                                                                          SHA1

                                                                          aee7882de50a5cea1e4c2c2ddfaa4476f20a9be9

                                                                          SHA256

                                                                          8cd849585fe99e63f28b49f1dae2d1b47a406268dcc5a161e58331a6a3cba3ed

                                                                          SHA512

                                                                          666866c0d25d61dc04341cf95eb61969698cfafce232097e60cb0537ea2a35635e1e4986036e413fb51927187183aa2e64ecac7fbc26bac46998c0bd84f69e45

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.82d5542b#\3248866fdc0058e6a1a5d64c5019ee84\System.Web.RegularExpressions.ni.dll
                                                                          Filesize

                                                                          302KB

                                                                          MD5

                                                                          150c4c418ddecce4978dea59c2ae5acc

                                                                          SHA1

                                                                          e1a32875edc6afbfc0fa4d086ab50fb42578c859

                                                                          SHA256

                                                                          3322cf01cbea15ba9e327b4d50914539397f1ace4689097a8943d53667297faa

                                                                          SHA512

                                                                          421e30e85c587b93c20b9a9a971eb14a68594d1e423cb93863c173320480b73e64437451e30c67690bbac7fade23a53549d7c2326ee057d1ef15b3164828b99d

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\44d302d3062a00a6bd5a39f743bdb4ef\System.Web.ni.dll
                                                                          Filesize

                                                                          16.2MB

                                                                          MD5

                                                                          b5840712456c7cb4de53695522e2a41c

                                                                          SHA1

                                                                          c8fa753ff825f929d5e78d6f6059fc6806951a69

                                                                          SHA256

                                                                          3cd39a70525ab32c60ed04b3791d692106afc322f399561cc7bc5b5a8e8d2a64

                                                                          SHA512

                                                                          02220870c1c06a15352f7cc75deea2645a58d93ec40f3a465cc0373d9aa98746f8739eb9120ddf8b5a3acafc6db617d3c77c7825eb7a11abab81e1fa466dcd1e

                                                                          Download Submit

                                                                        • C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\44d302d3062a00a6bd5a39f743bdb4ef\System.Web.ni.dll.aux
                                                                          Filesize

                                                                          3KB

                                                                          MD5

                                                                          63e9b3188a82677302a3719048abbf2a

                                                                          SHA1

                                                                          83e5e36719513fa0f37877752b42b98f67138edb

                                                                          SHA256

                                                                          a5c799cde2f9ca15018f56fc05cfca9717055a71015acf9c29248c2001f678e1

                                                                          SHA512

                                                                          c951d3b79f13d5853f600652a219831173019e9e1f56096251a60f9801d77afa0cedfef9b77827a2e55d58ff81c915f3754225ebe9f0cfdcc4537372df638269

                                                                          Download Submit

                                                                        • memory/376-327-0x00000644451A0000-0x00000644454A4000-memory.dmp

                                                                          Filesize

                                                                          3.0MB

                                                                          Download

                                                                        • memory/1448-187-0x0000023024E40000-0x0000023024E62000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1448-182-0x0000023024D40000-0x0000023024D58000-memory.dmp

                                                                          Filesize

                                                                          96KB

                                                                          Download

                                                                        • memory/1448-185-0x0000023024E00000-0x0000023024E22000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1448-184-0x000002303D250000-0x000002303D3D6000-memory.dmp

                                                                          Filesize

                                                                          1.5MB

                                                                          Download

                                                                        • memory/1448-186-0x000002303D180000-0x000002303D232000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/1472-2-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-32-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-19-0x000000001EE80000-0x000000001EE8C000-memory.dmp

                                                                          Filesize

                                                                          48KB

                                                                          Download

                                                                        • memory/1472-4-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-3-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-23-0x00000000206B0000-0x0000000020C54000-memory.dmp

                                                                          Filesize

                                                                          5.6MB

                                                                          Download

                                                                        • memory/1472-18-0x000000001EE50000-0x000000001EE58000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/1472-0-0x00007FF857463000-0x00007FF857465000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/1472-24-0x000000001C4E0000-0x000000001C4E8000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/1472-29-0x00007FF857463000-0x00007FF857465000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/1472-16-0x000000001EE60000-0x000000001EE7A000-memory.dmp

                                                                          Filesize

                                                                          104KB

                                                                          Download

                                                                        • memory/1472-17-0x000000001EE40000-0x000000001EE48000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/1472-20-0x000000001EEC0000-0x000000001EEE6000-memory.dmp

                                                                          Filesize

                                                                          152KB

                                                                          Download

                                                                        • memory/1472-5-0x000000001F890000-0x000000001F89C000-memory.dmp

                                                                          Filesize

                                                                          48KB

                                                                          Download

                                                                        • memory/1472-15-0x000000001FE50000-0x000000001FFFE000-memory.dmp

                                                                          Filesize

                                                                          1.7MB

                                                                          Download

                                                                        • memory/1472-6-0x000000001FA00000-0x000000001FA4A000-memory.dmp

                                                                          Filesize

                                                                          296KB

                                                                          Download

                                                                        • memory/1472-14-0x000000001EE10000-0x000000001EE20000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/1472-13-0x000000001EE20000-0x000000001EE32000-memory.dmp

                                                                          Filesize

                                                                          72KB

                                                                          Download

                                                                        • memory/1472-31-0x000000001B920000-0x000000001BAC9000-memory.dmp

                                                                          Filesize

                                                                          1.7MB

                                                                          Download

                                                                        • memory/1472-22-0x000000001FD60000-0x000000001FE1A000-memory.dmp

                                                                          Filesize

                                                                          744KB

                                                                          Download

                                                                        • memory/1472-8-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-33-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-21-0x000000001EE90000-0x000000001EE9E000-memory.dmp

                                                                          Filesize

                                                                          56KB

                                                                          Download

                                                                        • memory/1472-1-0x0000000000810000-0x000000000098E000-memory.dmp

                                                                          Filesize

                                                                          1.5MB

                                                                          Download

                                                                        • memory/1472-7-0x000000001F8A0000-0x000000001F8AC000-memory.dmp

                                                                          Filesize

                                                                          48KB

                                                                          Download

                                                                        • memory/1472-35-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-75-0x000000001B920000-0x000000001BAC9000-memory.dmp

                                                                          Filesize

                                                                          1.7MB

                                                                          Download

                                                                        • memory/1472-12-0x000000001FC50000-0x000000001FC92000-memory.dmp

                                                                          Filesize

                                                                          264KB

                                                                          Download

                                                                        • memory/1472-28-0x000000001FC00000-0x000000001FC50000-memory.dmp

                                                                          Filesize

                                                                          320KB

                                                                          Download

                                                                        • memory/1472-9-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-10-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-11-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-79-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/1472-30-0x00007FF857460000-0x00007FF857F21000-memory.dmp

                                                                          Filesize

                                                                          10.8MB

                                                                          Download

                                                                        • memory/2360-345-0x0000064449980000-0x00000644499D8000-memory.dmp

                                                                          Filesize

                                                                          352KB

                                                                          Download

                                                                        • memory/3212-265-0x0000064488000000-0x000006448802B000-memory.dmp

                                                                          Filesize

                                                                          172KB

                                                                          Download

                                                                        • memory/3264-836-0x000001E2FC740000-0x000001E2FC766000-memory.dmp

                                                                          Filesize

                                                                          152KB

                                                                          Download

                                                                        • memory/3368-769-0x000001B973A80000-0x000001B973A88000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/3368-832-0x000001C175380000-0x000001C175B26000-memory.dmp

                                                                          Filesize

                                                                          7.6MB

                                                                          Download

                                                                        • memory/3368-768-0x000001B973A50000-0x000001B973A5A000-memory.dmp

                                                                          Filesize

                                                                          40KB

                                                                          Download

                                                                        • memory/3368-770-0x000001B973A90000-0x000001B973A9C000-memory.dmp

                                                                          Filesize

                                                                          48KB

                                                                          Download

                                                                        • memory/3368-765-0x000001B9739F0000-0x000001B973A00000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/3368-772-0x000001B973B70000-0x000001B973B7E000-memory.dmp

                                                                          Filesize

                                                                          56KB

                                                                          Download

                                                                        • memory/3368-766-0x000001B973CD0000-0x000001B973EAA000-memory.dmp

                                                                          Filesize

                                                                          1.9MB

                                                                          Download

                                                                        • memory/3368-764-0x000001B973A20000-0x000001B973A32000-memory.dmp

                                                                          Filesize

                                                                          72KB

                                                                          Download

                                                                        • memory/3368-771-0x000001B973B90000-0x000001B973BB6000-memory.dmp

                                                                          Filesize

                                                                          152KB

                                                                          Download

                                                                        • memory/3368-763-0x000001B973AA0000-0x000001B973AE2000-memory.dmp

                                                                          Filesize

                                                                          264KB

                                                                          Download

                                                                        • memory/3368-743-0x000001B954CC0000-0x000001B95504C000-memory.dmp

                                                                          Filesize

                                                                          3.5MB

                                                                          Download

                                                                        • memory/3460-397-0x000001AB569B0000-0x000001AB569BC000-memory.dmp

                                                                          Filesize

                                                                          48KB

                                                                          Download

                                                                        • memory/3460-386-0x000001AB56930000-0x000001AB56942000-memory.dmp

                                                                          Filesize

                                                                          72KB

                                                                          Download

                                                                        • memory/3460-401-0x000001AB569C0000-0x000001AB569CE000-memory.dmp

                                                                          Filesize

                                                                          56KB

                                                                          Download

                                                                        • memory/3460-399-0x000001AB569F0000-0x000001AB56A16000-memory.dmp

                                                                          Filesize

                                                                          152KB

                                                                          Download

                                                                        • memory/3460-395-0x000001AB569A0000-0x000001AB569A8000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/3460-389-0x000001AB56950000-0x000001AB56960000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/3460-393-0x000001AB56970000-0x000001AB5697A000-memory.dmp

                                                                          Filesize

                                                                          40KB

                                                                          Download

                                                                        • memory/3460-361-0x000001AB58690000-0x000001AB5869C000-memory.dmp

                                                                          Filesize

                                                                          48KB

                                                                          Download

                                                                        • memory/3460-391-0x000001AB5A3B0000-0x000001AB5A58A000-memory.dmp

                                                                          Filesize

                                                                          1.9MB

                                                                          Download

                                                                        • memory/3460-384-0x000001AB59100000-0x000001AB59142000-memory.dmp

                                                                          Filesize

                                                                          264KB

                                                                          Download

                                                                        • memory/3460-326-0x000001AB3B6A0000-0x000001AB3BA22000-memory.dmp

                                                                          Filesize

                                                                          3.5MB

                                                                          Download

                                                                        • memory/3844-369-0x0000064445320000-0x000006444561E000-memory.dmp

                                                                          Filesize

                                                                          3.0MB

                                                                          Download

                                                                        • memory/3864-291-0x0000064449A20000-0x0000064449B18000-memory.dmp

                                                                          Filesize

                                                                          992KB

                                                                          Download

                                                                        • memory/4460-183-0x00000000009F0000-0x00000000009F8000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/5044-306-0x0000064443EC0000-0x0000064443F11000-memory.dmp

                                                                          Filesize

                                                                          324KB

                                                                          Download

                                                                        • memory/5216-895-0x0000020E3BEB0000-0x0000020E3BF2E000-memory.dmp

                                                                          Filesize

                                                                          504KB

                                                                          Download

                                                                        • memory/5244-427-0x000001E21BCC0000-0x000001E21BD04000-memory.dmp

                                                                          Filesize

                                                                          272KB

                                                                          Download

                                                                        • memory/5244-426-0x000001E21BB50000-0x000001E21BB82000-memory.dmp

                                                                          Filesize

                                                                          200KB

                                                                          Download

                                                                        • memory/5244-387-0x000001E21BD20000-0x000001E21C0A2000-memory.dmp

                                                                          Filesize

                                                                          3.5MB

                                                                          Download

                                                                        • memory/5244-405-0x000001E21BA90000-0x000001E21BB06000-memory.dmp

                                                                          Filesize

                                                                          472KB

                                                                          Download

                                                                        • memory/5244-422-0x000001E2037A0000-0x000001E2037BC000-memory.dmp

                                                                          Filesize

                                                                          112KB

                                                                          Download

                                                                        • memory/5244-429-0x000001E21BB10000-0x000001E21BB2A000-memory.dmp

                                                                          Filesize

                                                                          104KB

                                                                          Download

                                                                        • memory/5244-425-0x000001E203840000-0x000001E203860000-memory.dmp

                                                                          Filesize

                                                                          128KB

                                                                          Download

                                                                        • memory/5244-430-0x000001E21C1E0000-0x000001E21C302000-memory.dmp

                                                                          Filesize

                                                                          1.1MB

                                                                          Download

                                                                        • memory/5244-432-0x000001E21BB30000-0x000001E21BB50000-memory.dmp

                                                                          Filesize

                                                                          128KB

                                                                          Download

                                                                        • memory/5244-403-0x000001E21C5E0000-0x000001E21CB08000-memory.dmp

                                                                          Filesize

                                                                          5.2MB

                                                                          Download

                                                                        • memory/5244-407-0x000001E21BBC0000-0x000001E21BC68000-memory.dmp

                                                                          Filesize

                                                                          672KB

                                                                          Download

                                                                        • memory/5244-428-0x000001E203960000-0x000001E20397E000-memory.dmp

                                                                          Filesize

                                                                          120KB

                                                                          Download

                                                                        • memory/5244-421-0x000001E203920000-0x000001E20395A000-memory.dmp

                                                                          Filesize

                                                                          232KB

                                                                          Download

                                                                        • memory/5244-423-0x000001E21CB10000-0x000001E21CFDC000-memory.dmp

                                                                          Filesize

                                                                          4.8MB

                                                                          Download

                                                                        • memory/5244-424-0x000001E2037C0000-0x000001E2037D2000-memory.dmp

                                                                          Filesize

                                                                          72KB

                                                                          Download

                                                                        • memory/5244-434-0x000001E21BB90000-0x000001E21BBA2000-memory.dmp

                                                                          Filesize

                                                                          72KB

                                                                          Download

                                                                        • memory/5244-436-0x000001E203760000-0x000001E203770000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/5244-433-0x000001E21C130000-0x000001E21C16C000-memory.dmp

                                                                          Filesize

                                                                          240KB

                                                                          Download

                                                                        • memory/5244-431-0x000001E21C0B0000-0x000001E21C12E000-memory.dmp

                                                                          Filesize

                                                                          504KB

                                                                          Download

                                                                        • memory/5288-461-0x00000180F7AD0000-0x00000180F7AF6000-memory.dmp

                                                                          Filesize

                                                                          152KB

                                                                          Download

                                                                        • memory/5360-775-0x00000175D8690000-0x00000175D870E000-memory.dmp

                                                                          Filesize

                                                                          504KB

                                                                          Download

                                                                        • memory/5360-773-0x00000175D7FE0000-0x00000175D805A000-memory.dmp

                                                                          Filesize

                                                                          488KB

                                                                          Download

                                                                        • memory/5360-774-0x00000175D8540000-0x00000175D85F2000-memory.dmp

                                                                          Filesize

                                                                          712KB

                                                                          Download

                                                                        • memory/5360-767-0x00000175D80F0000-0x00000175D847C000-memory.dmp

                                                                          Filesize

                                                                          3.5MB

                                                                          Download

                                                                        • memory/5560-532-0x000001E9FB7E0000-0x000001E9FB85E000-memory.dmp

                                                                          Filesize

                                                                          504KB

                                                                          Download

                                                                        • memory/5568-643-0x00000000007D0000-0x00000000007D8000-memory.dmp

                                                                          Filesize

                                                                          32KB

                                                                          Download

                                                                        • memory/5640-442-0x000006443CC40000-0x000006443CEF8000-memory.dmp

                                                                          Filesize

                                                                          2.7MB

                                                                          Download

                                                                        • memory/5744-748-0x000001F2C74D0000-0x000001F2C74E8000-memory.dmp

                                                                          Filesize

                                                                          96KB

                                                                          Download

                                                                        • memory/5904-480-0x00000184BD110000-0x00000184BD136000-memory.dmp

                                                                          Filesize

                                                                          152KB

                                                                          Download