Malware Analysis Report

2024-12-07 17:04

Sample ID 241113-d7ywpavmax
Target https://www.telerik.com/fiddler/fiddler-classic
Tags
defense_evasion discovery evasion persistence phishing privilege_escalation themida
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file https://www.telerik.com/fiddler/fiddler-classic was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery evasion persistence phishing privilege_escalation themida

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks for common network interception software

Downloads MZ/PE file

Modifies Windows Firewall

Checks BIOS information in registry

Themida packer

A potential corporate email address has been identified in the URL: [email protected]

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Event Triggered Execution: Netsh Helper DLL

Browser Information Discovery

Suspicious use of SendNotifyMessage

NTFS ADS

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

cURL User-Agent

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 03:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 03:39

Reported

2024-11-13 03:44

Platform

win11-20241007-en

Max time kernel

281s

Max time network

283s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.telerik.com/fiddler/fiddler-classic

Signatures

Checks for common network interception software

evasion

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe N/A

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe N/A

Themida packer

themida

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\b5497fca4e4478881056c95fd8c01ee6\System.Web.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\YHPW87M70K\Microsoft.JScript.ni.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\GXA2CZW54A\System.Deployment.ni.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\GXA2CZW54A\System.Deployment.ni.dll.aux C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\VJD9IPRU85\System.Data.SqlXml.ni.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1304-0\System.Security.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4345ad0cb22fa57a9281f1b35b0ca60f\Microsoft.JScript.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\H6FAIXYWQN\System.Security.ni.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1640-0\EnableLoopback.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\129af40f419d925ba9d07ca47a83708d\System.Deployment.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\640-0\System.Runtime.Serialization.Formatters.Soap.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\PYMO9GU1AL\System.Runtime.Serialization.Formatters.Soap.ni.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\PYMO9GU1AL\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\16dc-0\System.Security.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\c3e367eff9875c967c92b75a8688c55b\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1438-0\System.Deployment.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\5b4-0\System.Data.SqlXml.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\SKHA93JDM8\System.Numerics.ni.dll.aux C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1430-0\System.Runtime.Serialization.Formatters.Soap.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1318-0\System.Numerics.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\VJD9IPRU85\System.Data.SqlXml.ni.dll.aux C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\66c-0\System.Deployment.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\YHPW87M70K\Microsoft.JScript.ni.dll.aux C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\SKHA93JDM8\System.Numerics.ni.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\assembly\temp\H6FAIXYWQN\System.Security.ni.dll.aux C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\1776d8abbd15098818c8578c5f6d9e17\EnableLoopback.ni.exe.aux.tmp C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1338-0\System.Web.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1760-0\System.Numerics.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1648-0\System.Data.SqlXml.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fiddler.exe = "0" C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fiddler.exe = "9999" C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\.saz C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\SAZ.ico" C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\ = "Fiddler Session Archive" C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\PerceivedType = "compressed" C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\DefaultIcon C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open\command C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\Fiddler.exe\" -noattach \"%1\"" C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{E11678C8-A07A-4603-AFA9-29ABB9BE7F50} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\.saz\ = "Fiddler.ArchiveZip" C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer\command C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Content Type = "application/vnd.telerik-fiddler.SessionArchive" C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\Fiddler.exe\" -viewer \"%1\"" C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 879513.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Synapse Z.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe N/A
N/A N/A C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2416 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2416 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2416 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2416 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2416 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2416 wrote to memory of 4476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2416 wrote to memory of 5052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

cURL User-Agent

Description Indicator Process Target
HTTP User-Agent header curl/8.4.0-DEV N/A N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.telerik.com/fiddler/fiddler-classic

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb92293cb8,0x7ffb92293cc8,0x7ffb92293cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6896 /prefetch:8

C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe

"C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe"

C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe

"C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe" /D=

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"

C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper

"C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\Admin\AppData\Local\Programs\Fiddler"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1ec -InterruptEvent 0 -NGENProcess 1dc -Pipe 1e8 -Comment "NGen Worker Process"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Fiddler2FirstRun

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb92293cb8,0x7ffb92293cc8,0x7ffb92293cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 0 -NGENProcess 28c -Pipe 298 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 2ac -Comment "NGen Worker Process"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2cc -Pipe 2f8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 304 -Pipe 2fc -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 0 -NGENProcess 2ec -Pipe 2f4 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 310 -Pipe 2b8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 304 -Pipe 2d8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 314 -Pipe 2dc -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 314 -Pipe 2f8 -Comment "NGen Worker Process"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7148 /prefetch:2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 29c -Pipe 2e8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 304 -Pipe 2cc -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2c0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 30c -Pipe 2ec -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 0 -NGENProcess 2d4 -Pipe 2a8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 2b8 -Pipe 304 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1ec -InterruptEvent 0 -NGENProcess 1dc -Pipe 1e8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 0 -NGENProcess 1e4 -Pipe 284 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 2ac -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 27c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 298 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 204 -InterruptEvent 0 -NGENProcess 2ec -Pipe 2fc -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 300 -Comment "NGen Worker Process"

C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe

"C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe

"C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe"

C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe

"C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Synapse Z\redeem.cmd" "

C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe

SynapseLauncher.exe redeem

C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe

"C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe"

C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe

"C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe"

Network

US 150.171.28.10:443 bat.bing.com tcp
US 150.171.28.10:443 bat.bing.com tcp
US 150.171.28.10:443 bat.bing.com tcp
US 150.171.28.10:443 bat.bing.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
FR 18.155.129.8:443 api.getfiddler.com tcp
US 20.231.53.73:443 q.clarity.ms tcp
N/A 127.0.0.1:8888 tcp
FR 18.155.129.8:443 api.getfiddler.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
US 162.159.153.247:443 q.quora.com tcp
N/A 127.0.0.1:8888 tcp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
US 104.21.24.68:80 synapsez.net tcp
US 104.21.24.68:443 synapsez.net tcp
FR 3.164.163.56:443 framerusercontent.com tcp
FR 3.164.163.56:443 framerusercontent.com tcp
FR 3.164.163.56:443 framerusercontent.com tcp
FR 3.164.163.56:443 framerusercontent.com tcp
FR 3.164.163.56:443 framerusercontent.com tcp
FR 3.164.163.56:443 framerusercontent.com tcp
FR 3.164.163.56:443 framerusercontent.com tcp
FR 3.164.163.56:443 framerusercontent.com tcp
FR 3.164.163.56:443 framerusercontent.com tcp
FR 13.249.9.28:443 events.framer.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 150.171.28.10:443 bat.bing.com tcp
US 216.239.38.181:443 analytics.google.com tcp
US 20.231.53.73:443 q.clarity.ms tcp
IE 3.248.162.96:443 obseu.ytwohlcq.telerik.com tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
US 150.171.28.10:443 bat.bing.com tcp
N/A 127.0.0.1:8888 tcp
US 150.171.28.10:443 bat.bing.com tcp
US 199.232.196.193:443 i.imgur.com tcp
US 199.232.196.193:443 i.imgur.com tcp
US 199.232.196.193:443 i.imgur.com tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 5.83.218.158:80 api.synapsez.net tcp
GB 5.83.218.158:80 api.synapsez.net tcp
N/A 127.0.0.1:51340 tcp
N/A 127.0.0.1:51344 tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 92.123.241.137:80 www.microsoft.com tcp
N/A 127.0.0.1:8888 tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 5.83.218.158:80 api.synapsez.net tcp
GB 5.83.218.158:80 api.synapsez.net tcp
N/A 127.0.0.1:51373 tcp
N/A 127.0.0.1:51376 tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
N/A 127.0.0.1:51392 tcp
GB 5.83.218.158:80 api.synapsez.net tcp
N/A 127.0.0.1:51396 tcp
GB 5.83.218.158:80 api.synapsez.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 02a4b762e84a74f9ee8a7d8ddd34fedb
SHA1 4a870e3bd7fd56235062789d780610f95e3b8785
SHA256 366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da
SHA512 19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

\??\pipe\LOCAL\crashpad_2416_WMTGMMVAMVQQQWRY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 826c7cac03e3ae47bfe2a7e50281605e
SHA1 100fbea3e078edec43db48c3312fbbf83f11fca0
SHA256 239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab
SHA512 a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eec065f0c0808b38b4e867c63528a378
SHA1 5dc90152c5f33b67dd0716825da4fdd46f4f2f31
SHA256 ad0bae52d3b91f58aee5176009ac0fbd7517f16310f3c09c9f0c71178faf696e
SHA512 88437ada28a1e94d063117b015a2c4c535e5a0b51e33813d9e607000d63a7b004b3db37045a3142e46218d8231d72a346750b106ff329c020d3cbb0a81cd28cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b9e4ad2ee8c3bab987fd853a57e208ad
SHA1 9916a4940b3b450b20c948f0d04e659d5ccdf958
SHA256 9bc336ae165de074ca66b9f2cb29c9dae57443496843da44533120c41de4335e
SHA512 c65b38deb00f3d178f30285c5b8ac7975534899db2d628748878f580139e193782d023701facc10b4947a8c31f47f0786cc6d8520f1123e7ce30dfb72febb9f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12189f86b35cc68921179166218d3e1a
SHA1 99f8618a5dfb840bc97ba15020f8ff10bc629459
SHA256 f7b7465061bbbf2080e04092739440b650937fb75290326bb2d5db3f5de9ad05
SHA512 bace6ec3b0a4cf7fcf5e506bb0ace389cbd0e77943062ee8911ea613c287cfb4799d1d3190e6cb1df53a1d566a69f1f52ce83b5fc5349a354aea2218642df7fc

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6b3aaf5c0bd09b3ff9e46594812dea54
SHA1 eee6956645091529dd1de912829a71cf98d1212c
SHA256 bffc8f754ba5d636b7d95487811ae75a6f70741a5b117d1b879b69ab0f74e2b6
SHA512 eb52d377e1a28b8b8f3b53632195810a000da326e8dfb7eb745a217012a627f5a76201ef063fed377ae4a6d2b37fa18f8887b87ad211f12e742b89811d35bff6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5816b0.TMP

MD5 7ff847c9ceb215a37f875a20fca93530
SHA1 40eff2cfeefb0a309d24df45fa79a44f0fa41ae1
SHA256 8ae1d273cbb00773b9d9907fccc4322526e8a21de2084644f99c8b8a06c3355b
SHA512 5602eacbc508aa75bb8243edb67bb4e243c7d8f009ee8ff978db3fcd72ac8ffc55646cd9602fea4cc2e23a1d797de37b307164a6f12f35b34ab1fbca0abab3fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 58e50acecf8161afd9c276c105e4bc86
SHA1 72a8236b74211c6ba16d0bc1272eaea065966ee7
SHA256 42d5322b49d68f57e0362ffd37c24d37bd51c332c4b9c22f09fb041dcbcca8eb
SHA512 607f194fe19bfd7791431d1b791b10beb6f11091ae5673349e13e9fa89cc6561582cc36614112f7f3ff7dc57cfd0e42e657ca530f119b1950a2ca4f48005fe6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d4253b1542c53a95e37a09b6237ef15e
SHA1 730cf1ab5dae3003b02d7981ba26f1f6a9d8e57d
SHA256 b160f860f4d461f47b88d0a04af06b4f45f4607f75407ae03b40561528e1941f
SHA512 4c7cff21fc27acb7ed925f88dca33985d779e3f811fd3b1c99351e59ec6dbba5f533a092f7ae255f593f46b0beabd1c22b3c8dee9693a097d5a8c2bc665c8eac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 503766d5e5838b4fcadf8c3f72e43605
SHA1 6c8b2fa17150d77929b7dc183d8363f12ff81f59
SHA256 c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9
SHA512 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 e914bc11f84d57e5f674a12608b21059
SHA1 75f3844129865378f67c3fcce260378affb91cb5
SHA256 645c741a80abda30bb9f670ed46a5dcb96eccc9321d8661f0a6edd88982d7395
SHA512 be15d1c3bc2eca0ecc9ef5f2cf199521e5cd9c1df403515d93d85f004e87fc6356ab501c2c95af4c68d3f0c93ee812151c91bd613fceea9bd7d0047ba2be8525

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 b100307705c311e8ae4d31d8b2a4a93c
SHA1 3b1ec50ed6b09f7b3c14f6e8e201f2a2b1c98975
SHA256 4a9f5d41f5ac4c03f7772f676247d201dadf15f9ac01a31ac26685d2f559c2fc
SHA512 213f7dbe76418eaf912a232d0650215b481674943ed689ed8ea4716caa6f5293b4495597040822a62ed9372f3703245a9498e28b852f00a2256fd28a54899ea0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e85443d5a8a1640f31c3a99552ce2fa6
SHA1 5e6cb5d0b72fe28e0aee717947664b8336f9aa88
SHA256 74f3fe9af256a3ea31127ed420c95aa0c378bae3b8ceec80027d3b3efc675707
SHA512 c529645cf0883bf26391f2c32a876000c4645c405ca49322b94c23cdb1dae6f48dd1a8d23a8c249e7367586c865569b16ec6a515a430e386417ef60a2046e7b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591bcb.TMP

MD5 c84b04ae987d39d3a5580c1b69d12a88
SHA1 a16399ef1931b207ea42ca69c769560d956673f0
SHA256 0175a122c4946a2b5eb690c3d3abef2de2269e1e759ea9e04f133100d0a1cfed
SHA512 83f062bb26f9899ef438cb7d0b9dfc7875aea2791d2bfd3698a7ca5e2bda942404b94f1cb839d299d43ce7bd6e58a15baf6b870636ef4d10f6915f874e6ca469

C:\Users\Admin\Downloads\Unconfirmed 879513.crdownload

MD5 c1980b018489df28be8809eb32519001
SHA1 e860439703d7b6665af4507b20bbef2bbb7b73f4
SHA256 588024037b1e5929b1f2a741fff52a207bcab17f0650ec7cb0cd3cb78051998d
SHA512 f70d419e869e56700a9e23350a9779f5dd56bb78adb9a1b0d5039287a24f20004db20f842294d234d4717feaa3184a5e6d90f0ee3666208bad2ea518d37b0a35

C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cc43eb3724f06531050d223d0e28780a
SHA1 bf658a62638672b6fa755bed970e7a27a439caca
SHA256 c32464c51ad428ba482b9cb3f1d317a287d99b823b15503174f388a3c052ca64
SHA512 00f4621a6ea6ba170093da9bec0a2a2614648e3bd4e7ab5b825a6a7fedffcd596d5e96d0772cce50fabdc6b825713beda6434ff30caa8b6bd6799be974a2de92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d64d835a0356a15977fb4b668ab6b240
SHA1 0d7c842c955740e5223d5946b9d6d8b74a2ecf37
SHA256 7d51e40f0713681feb32eeb189c4670d8902dfe8af0feab5d5bf4577d9a312dc
SHA512 c2b63d95b47464d6de537da73a4290982de78553c9d33f05a14739487e2d10bfe82f723094fe607abbc558a1f80d1e3b3f5eafe394c94ac555451dc6629b4661

C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe

MD5 c2a0eb6f104eacec3f39581451ee208f
SHA1 9ae7d02aeb640fbd090dfc01885b98dd5dd0b6cc
SHA256 1f926cc353301e547e76c6d2eff23fcbe85495ba0292174cc6344fac26457af8
SHA512 8b062e4f0af1dce3a12b5776646fe8c235f30de6772f579da1a6ab2bb559ed69b3bd32af95eee248c48008ddcbd40a7e49eae722a44bc9b49dd13fe38113a3ca

C:\Users\Admin\AppData\Local\Temp\nse5A2E.tmp\System.dll

MD5 192639861e3dc2dc5c08bb8f8c7260d5
SHA1 58d30e460609e22fa0098bc27d928b689ef9af78
SHA256 23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
SHA512 6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper

MD5 b1827fca38a5d49fb706a4a7eee4a778
SHA1 95e342f3b6ee3ebc34f98bbb14ca042bca3d779f
SHA256 77523d1504ab2c0a4cde6fcc2c8223ca1172841e2fd9d59d18e5fc132e808ae2
SHA512 41be41372fe3c12dd97f504ebabb70ce899473c0c502ff7bfeaddc748b223c4a78625b6481dbab9cb54c10615e62b8b2dbe9a9c08eb2f69c54ebf5933efbeb1b

C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe

MD5 87bc17f56e744e74408e6ae8bb28b724
SHA1 3aa572388083ff00a95405d34d1189c99c7ff5be
SHA256 ffb24fc36ade87988f9908e848d0333ce7ffb2b4e4d0ffb43f6556246069d057
SHA512 cbeee155c97b87a22b92b808f86fee25c18db51ab43a36b657d532d2d47d3a7db2f4507a699b72af904bf6d5ed851d1ae1fcfb4833a57096e6c7787211c0f35d

memory/72-585-0x0000023BFD560000-0x0000023BFD8E4000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe.config

MD5 c2edc7b631abce6db98b978995561e57
SHA1 5b1e7a3548763cb6c30145065cfa4b85ed68eb31
SHA256 e59afc2818ad61c1338197a112c936a811c5341614f4ad9ad33d35c8356c0b14
SHA512 5bef4b5487ecb4226544ef0f68d17309cf64bfe52d5c64732480a10f94259b69d2646e4c1b22aa5c80143a4057ee17b06239ec131d5fe0af6c4ab30e351faba2

memory/3064-586-0x0000000000440000-0x0000000000448000-memory.dmp

memory/72-588-0x0000023BFD390000-0x0000023BFD44A000-memory.dmp

memory/72-590-0x0000023BFDE20000-0x0000023BFE348000-memory.dmp

memory/72-625-0x0000023BFD450000-0x0000023BFD4CA000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Fiddler\DotNetZip.dll

MD5 a999d7f3807564cc816c16f862a60bbe
SHA1 1ee724daaf70c6b0083bf589674b6f6d8427544f
SHA256 8e9c0362e9bfb3c49af59e1b4d376d3e85b13aed0fbc3f5c0e1ebc99c07345f3
SHA512 6f1f73314d86ae324cc7f55d8e6352e90d4a47f0200671f7069daa98592daaceea34cf89b47defbecdda7d3b3e4682de70e80a5275567b82aa81b002958e4414

memory/72-682-0x0000023BFD8F0000-0x0000023BFD9A2000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll

MD5 195ffb7167db3219b217c4fd439eedd6
SHA1 1e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256 e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA512 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

memory/72-685-0x0000023BFD2D0000-0x0000023BFD320000-memory.dmp

memory/72-689-0x0000023BFD070000-0x0000023BFD092000-memory.dmp

memory/72-691-0x0000023BFB360000-0x0000023BFB37C000-memory.dmp

memory/72-694-0x0000023BFD4D0000-0x0000023BFD4F0000-memory.dmp

memory/72-698-0x0000023BFD510000-0x0000023BFD52A000-memory.dmp

memory/72-697-0x0000023BFD4F0000-0x0000023BFD50E000-memory.dmp

memory/72-703-0x0000023BFE350000-0x0000023BFE472000-memory.dmp

memory/72-696-0x0000023BFD9F0000-0x0000023BFDA34000-memory.dmp

memory/72-705-0x0000023BFD530000-0x0000023BFD550000-memory.dmp

memory/72-707-0x0000023BFDA40000-0x0000023BFDA52000-memory.dmp

memory/72-709-0x0000023BFB340000-0x0000023BFB350000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.dll

MD5 6f9e5c4b5662c7f8d1159edcba6e7429
SHA1 c7630476a50a953dab490931b99d2a5eca96f9f6
SHA256 e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
SHA512 78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

memory/72-706-0x0000023BFDD90000-0x0000023BFDDCC000-memory.dmp

memory/72-704-0x0000023BFDCD0000-0x0000023BFDD4E000-memory.dmp

memory/72-695-0x0000023BFD9B0000-0x0000023BFD9E2000-memory.dmp

memory/72-693-0x0000023BFD360000-0x0000023BFD372000-memory.dmp

memory/72-692-0x0000023BFE820000-0x0000023BFECEC000-memory.dmp

memory/72-690-0x0000023BFD320000-0x0000023BFD35A000-memory.dmp

memory/72-688-0x0000023BFDA70000-0x0000023BFDB22000-memory.dmp

memory/72-687-0x0000023BFD040000-0x0000023BFD062000-memory.dmp

memory/72-686-0x0000023BFDB40000-0x0000023BFDCC8000-memory.dmp

memory/72-684-0x0000023BFB330000-0x0000023BFB33C000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Fiddler\Analytics.dll

MD5 1c2bd080b0e972a3ee1579895ea17b42
SHA1 a09454bc976b4af549a6347618f846d4c93b769b
SHA256 166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
SHA512 946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0

memory/72-680-0x0000023BFCF70000-0x0000023BFCFBA000-memory.dmp

memory/72-668-0x0000023BFB310000-0x0000023BFB31C000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll

MD5 798d6938ceab9271cdc532c0943e19dc
SHA1 5f86b4cd45d2f1ffae1153683ce50bc1fb0cd2e3
SHA256 fb90b6e76fdc617ec4ebf3544da668b1f6b06c1debdba369641c3950cab73dd2
SHA512 644fde362f032e6e479750696f62e535f3e712540840c4ca27e10bdfb79b2e5277c82a6d8f55f678e223e45f883776e7f39264c234bc6062fc1865af088c0c31

C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.dll

MD5 3be64186e6e8ad19dc3559ee3c307070
SHA1 2f9e70e04189f6c736a3b9d0642f46208c60380a
SHA256 79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c
SHA512 7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78

C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Editor.dll

MD5 eaa268802c633f27fcfc90fd0f986e10
SHA1 21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
SHA256 fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
SHA512 c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Common.dll

MD5 ac80e3ca5ec3ed77ef7f1a5648fd605a
SHA1 593077c0d921df0819d48b627d4a140967a6b9e0
SHA256 93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
SHA512 3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 4562882014f7df38316d04c4d89475ea
SHA1 b56bd842693d3c17a9b09af5a89100144d1ce88a
SHA256 5d80735b48c0f39f70e37251a2861d5470b765fb662213da3a88d1c25867a440
SHA512 7d1ce83b4f217c8ff5c5b25d389c1475efd5264c01638ebd4899b90ac560f06e8beb3ffb962ea6c118ac5c819e7d74c97fd0f91ba43f2e03146401e5219d6124

memory/1460-741-0x00000644451A0000-0x00000644454A4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 bc9373b269bc8d4ea4df8a44c3ba2514
SHA1 540b02515c928fa6cae94d6d84a02575f89d5bec
SHA256 e25fcb405fee6f665d134fe59b25b55ad26eb294ca90b59d57d8e1b361e9ed0e
SHA512 bfc73715735b96fcbbd7644165c543d6a91226d1551ebd61dab42449975b357c9dbaf2264990e2f135e9a6b6b08100a4926c3cc4f4d9519fe440900def5bbd61

C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll

MD5 5968702720c09d48fc7a0aae9f458a3e
SHA1 64ec4c0ee94a26fdd26f7f02892a313793ca3333
SHA256 1db11e73cdfebf485614216e227af712214049b909490e500bd0189a580a7eea
SHA512 107b18bb1f4d5441c015a657aab87581d4e37d72321ceac4208ff00f93e82d98f340dce8e6493e8f89a0104c3f71443455ab7f88433a173b5dc75e1274b21164

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 42208334dc14a42a1492e8f2a55e9557
SHA1 018c9acb0f1012e6b9f77fa324b8bd174651fbfa
SHA256 d15424e5cc15f1f7724fb53af8efd2a6986e78185b8e8f82cb31c68de3c3a7a4
SHA512 ae107be82aac28a2b8d25696089d055b25153bf776fa1995273f6efe2c2425bab4fb8f23b6c64266992529ef7f93ef6f2a8b6d1354fb98b478701beafd3e7e0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 c08284ff9cdc27a44cb34b4431cae5cc
SHA1 979c662bac391ff09d7a35c4e8931890cb9184a9
SHA256 72172ecb4a8d927897ca97d79a6e454a456c74c9e12160848350569e8361389d
SHA512 fc4d35bb93d76e3e3e88c942f26f18ffd797dd160fad21190e3a400d117895dc591fd79c954b6801da6689b479989d94030d7b2cdd580e8051a54ef8fe7054e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ebe95e7aac40f5de18dfec2715146c9
SHA1 fabe5f69ecb75f3d505e5d6c806780d2c853af6c
SHA256 883ed036bcee437bec771dea084acc9198a62b89617f176adafce07459a93fc9
SHA512 7cc60ada6b68fc2c1ccfcc752efedbf5cedffb0fcd5ef89b136ea092344d327c3e295b48d4a8de697997d51c2674a8bfd1c958d901d4db22a174f2b3bbc205b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 56b1b49a4bdc4c874445907df778d045
SHA1 d2fe504ff66c8f1019897a489d1f228adbec1675
SHA256 ae164feded7be7bf0bacf35c024e49d9fe9691f9ea02860deabf3e777e181885
SHA512 da23e397b4009c66caabb9147b98e48f117855e03d82ff919e36d22bbd3f2fce6440f00147477ced44c77c512277e4506d41098aefee57dfecf0f0db0d47c115

C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll.aux

MD5 babee7fd2083dd07600dd5c55c7ccb19
SHA1 d60268525947cb482d08dc82bf8dbedc4153ecc7
SHA256 211f95dde18026099e727ea7dd3c59b2f44e4b8d6bc37a400b4e77dd35407fb8
SHA512 fb07b7940e0caa80c779f80a79c855f360a6032f4cfbc55d1d244070d638e2edc7969ebdbb1bc695b7a6e2a4ea8b9197287ee27acaf6e0ec3e7a2114c892034c

memory/4868-796-0x0000064449A20000-0x0000064449B18000-memory.dmp

C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll

MD5 f7c61b3ccddcebf97d4f2fcd7d2fc298
SHA1 3d4149310ceafb8b989afda01ac47abd4b9eae32
SHA256 8effa08244a2d3dc6573065c372c8fc06e515f584d6f7760ffafc6fcd91b7957
SHA512 0fd5437a6f77375b930ae913f955ef5b25c1374ae0ac491e4873ba4e303a0e4542a312d82096cbd6c171b4ed81859f2ab8ef2e2dcb20d534e5a923eb5314fa4f

memory/4888-811-0x0000064443EC0000-0x0000064443F11000-memory.dmp

C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll

MD5 0ec738c1551385a6ab8287162ead2385
SHA1 576f4ac07fa966785607109902714f104c2b6fdb
SHA256 2be57b6de3fa61e65fab74f2911edeee2d0c4d3f0e2e0371bfca72498a4ac60e
SHA512 abfa6e2d47c55b65bf81a240c32bc7dbbdf739b23d4ddeb6b95d4c39eec7c0f59d3b788239b7ef4419d31176cd2a5338bda535c9241ba24ddecaaae36b57303a

C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll.aux

MD5 c7f1888df8d5f0cee44055889d7145a0
SHA1 2b38514613fdcf0bd151d72e1754f82c8600238f
SHA256 86a58da68258f409d91c6178502763d92d53d5a81a0c65ea0da5826aa95dced2
SHA512 a96ac1b47a8ddb9efcf4b1483c47ef8141b05e47c68e9357ffb239033434b9450ef562f5a1ebb0a741c401c384da95780482a647270fd39558a1d73990101670

memory/1644-829-0x0000064445320000-0x000006444561E000-memory.dmp

C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\129af40f419d925ba9d07ca47a83708d\System.Deployment.ni.dll

MD5 5ce272c443c76c6a0268b17307086373
SHA1 9da215c4f1fa2367b0abb062ae23c49c27e0cf6e
SHA256 1bda44e93fabab317c5d2768199ae87d47868e2ba1bd5c4eafbbc78fa3ae7414
SHA512 a6a66cc3a2b2080973edea313fc2f486c26c43280ffb1790c39f7e4983671abeb7c4b7e42c247823e2f30c284467e0848259d9d8bbbe50e3858bb5dc23a29d94

memory/1600-844-0x0000064449980000-0x00000644499D8000-memory.dmp

C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\c3e367eff9875c967c92b75a8688c55b\System.Runtime.Serialization.Formatters.Soap.ni.dll

MD5 9ca5ccbe1085d777dc220ad37e26d6d3
SHA1 7f63e7d7764a4dc13a8b9cbec50749229cb93bca
SHA256 f362820cf09248efe993990b005ae1cbc856a048f08d7e1b494d980bff8a2342
SHA512 bc5142e7741071dcbff36c8320d7b217ddfc95c43b3c2a422ff2439e0eb46669c23d1ceda2956735c9a5cf66f489de21eba9a85d3b8d50959d898a213be3c3ea

C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll.aux

MD5 faeaf52985536c4d7a6fea9ebd88c910
SHA1 29332a0eea7cb852223164a4863f4843fe101ba3
SHA256 ae8066274c5b4a5cdfc469e39463a94233d614fe44af31ea431e36a3cfe61a9a
SHA512 c305626c0ae72c62eaa00bc9ca5b5377fc562a52b97020c360fb7f69386d3a09646a3843da7161c4693f32264d141f6e102fa70f2c5beae443d7b8e1d52e1f29

memory/2064-865-0x000006443CC40000-0x000006443CEF8000-memory.dmp

C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4345ad0cb22fa57a9281f1b35b0ca60f\Microsoft.JScript.ni.dll

MD5 fbf426ceb9dcf71f91b9c0e705c7887a
SHA1 da50100d4c2e743d49134540d848526ea008af40
SHA256 3aef7382577c7ef23f48a1332b415fd26b3d7fa6c9bbe5f0de383bef8e770efc
SHA512 de52e8feb3a6f67e5d4cfdcba5f62313a25efe13f331625e14d6bd48f59440f878ff5ee1dd6e18ea72947ded8612e56d2eee28a681dd8db4eccd2308479c9de8

memory/4920-886-0x000001DF53600000-0x000001DF53626000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 83719f6aab70f00af52bd895a18af3ef
SHA1 43d8ac923c0125192b2c4eaa4df558f3b8002951
SHA256 c4c125b083fd909d5bb0ac0fd9cbafd7f886d090188428fdac8aff6bf7215c00
SHA512 dd6e4ab0101e6050e83841dd713d753f5c4cc13b780d33a42c4345953f488e0e86f0db19402597f3394c906a320f3b65478cf250e07820f2ad28a7c2e275c14c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 c5efbb1e0ae2e6bb93c88e5899c2a601
SHA1 4222198dcbee33f13574e11b27e739fb62e4b19d
SHA256 861bd76d2bb88508dd4924296ed8089741bf77c01759aadf2f372873eb8473de
SHA512 87a960a9f8cff895abd96d382fef3d6f8b9b23ef89eb2b74120db8db3dce2c6983cca16ca5fe33c9a302901b1c6c043ffcf9af6549b0bd14f55a1ee327ce6498

memory/4920-899-0x00000644C00C0000-0x00000644C10EA000-memory.dmp

C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\b5497fca4e4478881056c95fd8c01ee6\System.Web.ni.dll

MD5 9cfb48343d8e37ceb5d53c4f73c87721
SHA1 4946db9e6de00d729e99f263c311dd501be92059
SHA256 4c8d6b0e4a15a1da294d9dabbf3f022136973ea9b3c6fabdfd577813f8fd0433
SHA512 ddf1950b340257e7d3964b018d32971233da5bfc442aabe3362cc1fe1bdc62bec3d64284ee82cf5601bf64533bd47291010cade9dbf962210aabbb36a69e9186

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 3dc1daa33c843ab59d0d9ffd0e3be928
SHA1 5be43712a886fcfb79cdf11263ba8d0b16059380
SHA256 4fce08944e3faed07cf1755559991a96c9918ba98bef51d152ebcd743a8cd36e
SHA512 e77fd74566cde4e3148670686aee2418eaaf7fbe340143f379d32aa9546aa5eb3edd62bc5d827bf91d0dc92bff7c2561b5a2b8daef509df0ed2d17d4eae946d7

C:\Windows\assembly\temp\YHPW87M70K\Microsoft.JScript.ni.dll.aux

MD5 8354f38ef9dd329b59e8722316ea5ce6
SHA1 82da5accdf6f7a67f85001c9abe07b50e9031d1f
SHA256 5183d73f7acdde68a4adeae0837984de7887412397bd65631335df82c61adfba
SHA512 c8ff4dd9638bbb68a3f2df6b70e9b78faf58b41d91129684bff85a29e8cb280f895b4224f7fc0b34fb75a390e7da2e733d3fdcf9475dff9afe4ccd06984f9d54

C:\Windows\assembly\temp\PYMO9GU1AL\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux

MD5 bdf14ce4a416cf686dae47be34fcc09e
SHA1 bc428571a58afc330553097b0ebc1eeef7ca0c61
SHA256 b31d328b94dfdebba040c34c00ab2269c92cd2f3f43db684007732b771d6c7b8
SHA512 b103c980e692559a44d704a8311ff7ae1fe81506699625310936c061881b6396f5bc786362be972029bbd42e11fe394406cfcc8b1baa05846f82da4e37a39efa

C:\Windows\assembly\temp\GXA2CZW54A\System.Deployment.ni.dll.aux

MD5 9536262da7ce4d5ae19f8dcbe22b1d33
SHA1 f35fd018806da18a371487575126f4460e832abf
SHA256 a2fde0e404bd1a8784d2fb3a4c3079eae6a19a690b7a3f7a1e98488faf3af814
SHA512 1df59e38781de47b56006aaede26695f5073f5c64cd9edf59d9e33cac5e5da49eae682e14654f532ba58585b492bc70a8018bada7eda93a11b60f979466e9f0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b4923b5e7082b83a0e007afd07a68cd7
SHA1 c0d82b2de2ae31277d59d9cbfc442ce3eae021ba
SHA256 ffd2391c64d588e3c66ac661951096e6ecefc66f41f6ba0f058ad6f0cec01a08
SHA512 a76bc125de31d91c017f1d24f818f2a5c43e482f39042a17812c7f771e6e5589a6d12e93d24c302ea2d87107d8cb5933a24b55fd6d6e3ae1370632e8a7b295e4

memory/5596-940-0x0000025205910000-0x0000025205928000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe

MD5 81564947d42846910eec2d08310e0d25
SHA1 b7a167dcd3afb29c8a0e18c943d634e3fc58a44c
SHA256 543f16b73f7d40177585332f433ce76dddc1526e12bcd62cb73edd11eb002341
SHA512 8f06409517697b022787bc9e2ed7e73100018422177aa3f63ecb406c3bdb6b021624f909a16fca0430002bfa7d35a461b38750c79c0273a154f63316b4e13037

memory/5696-941-0x0000064488000000-0x000006448802B000-memory.dmp

memory/5356-1026-0x0000023CD74D0000-0x0000023CD7854000-memory.dmp

memory/5356-1027-0x0000023CF45A0000-0x0000023CF45AC000-memory.dmp

memory/5356-1039-0x0000023CF5570000-0x0000023CF55B2000-memory.dmp

memory/5356-1040-0x0000023CF5540000-0x0000023CF5552000-memory.dmp

memory/5356-1041-0x0000023CF5500000-0x0000023CF5510000-memory.dmp

memory/5356-1042-0x0000023CF57A0000-0x0000023CF597A000-memory.dmp

memory/5356-1043-0x0000023CF55C0000-0x0000023CF55DA000-memory.dmp

memory/5356-1048-0x0000023CF55E0000-0x0000023CF55EE000-memory.dmp

memory/5356-1047-0x0000023CF5610000-0x0000023CF5636000-memory.dmp

memory/5356-1046-0x0000023CF5560000-0x0000023CF556C000-memory.dmp

memory/5356-1045-0x0000023CF5530000-0x0000023CF5538000-memory.dmp

memory/5356-1044-0x0000023CF5520000-0x0000023CF552A000-memory.dmp

memory/5356-1049-0x0000023CF5FF0000-0x0000023CF6596000-memory.dmp

memory/5356-1050-0x0000023CF55F0000-0x0000023CF55F8000-memory.dmp

C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_gn2suaigfhhkewccgutguryxxqm34vvg\5.0.20245.10105\user.config

MD5 9cb25332bef38c05b6500cdce25f9446
SHA1 bb527b5d80016d477e703a66f6978a0803393641
SHA256 1921fff7083111f579a1c1d3a528eaf1322e8bde7db43fbcba042a863d646f3a
SHA512 98665587c13954230448e2cba591c61f87ce1bb3a402681d3690bd3f5b34c69ff494c624257baffcc8aea3e70b6061a2595143a81073de22aefff9ff09513532

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
