Analysis Overview
Threat Level: Likely malicious
The file https://www.telerik.com/fiddler/fiddler-classic was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks for common network interception software
Downloads MZ/PE file
Modifies Windows Firewall
Checks BIOS information in registry
Themida packer
A potential corporate email address has been identified in the URL: [email protected]
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Event Triggered Execution: Netsh Helper DLL
Browser Information Discovery
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
cURL User-Agent
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-13 03:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-13 03:39
Reported: 2024-11-13 03:44
Platform: win11-20241007-en
Max time kernel: 281s
Max time network: 283s
Command Line
Signatures
Checks for common network interception software
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
A potential corporate email address has been identified in the URL: [email protected]
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe | N/A |
Loads dropped DLL
Themida packer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\b5497fca4e4478881056c95fd8c01ee6\System.Web.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\YHPW87M70K\Microsoft.JScript.ni.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\GXA2CZW54A\System.Deployment.ni.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\GXA2CZW54A\System.Deployment.ni.dll.aux | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\VJD9IPRU85\System.Data.SqlXml.ni.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1304-0\System.Security.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4345ad0cb22fa57a9281f1b35b0ca60f\Microsoft.JScript.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\H6FAIXYWQN\System.Security.ni.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1640-0\EnableLoopback.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\129af40f419d925ba9d07ca47a83708d\System.Deployment.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\640-0\System.Runtime.Serialization.Formatters.Soap.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\PYMO9GU1AL\System.Runtime.Serialization.Formatters.Soap.ni.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\PYMO9GU1AL\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\16dc-0\System.Security.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\c3e367eff9875c967c92b75a8688c55b\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1438-0\System.Deployment.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\5b4-0\System.Data.SqlXml.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\SKHA93JDM8\System.Numerics.ni.dll.aux | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1430-0\System.Runtime.Serialization.Formatters.Soap.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1318-0\System.Numerics.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\VJD9IPRU85\System.Data.SqlXml.ni.dll.aux | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\66c-0\System.Deployment.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\YHPW87M70K\Microsoft.JScript.ni.dll.aux | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\SKHA93JDM8\System.Numerics.ni.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\H6FAIXYWQN\System.Security.ni.dll.aux | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\1776d8abbd15098818c8578c5f6d9e17\EnableLoopback.ni.exe.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1338-0\System.Web.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\129af40f419d925ba9d07ca47a83708d\System.Deployment.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\c3e367eff9875c967c92b75a8688c55b\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1760-0\System.Numerics.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1648-0\System.Data.SqlXml.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fiddler.exe = "0" | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fiddler.exe = "9999" | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\.saz | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\SAZ.ico" | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\ = "Fiddler Session Archive" | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\PerceivedType = "compressed" | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open\command | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\Fiddler.exe\" -noattach \"%1\"" | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{E11678C8-A07A-4603-AFA9-29ABB9BE7F50} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\.saz\ = "Fiddler.ArchiveZip" | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer\command | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Content Type = "application/vnd.telerik-fiddler.SessionArchive" | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\Fiddler.exe\" -viewer \"%1\"" | C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 879513.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Synapse Z.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe | N/A |
Suspicious use of WriteProcessMemory
cURL User-Agent
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| HTTP User-Agent header | curl/8.4.0-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.4.0-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.4.0-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.4.0-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.4.0-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.4.0-DEV | N/A | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.telerik.com/fiddler/fiddler-classic
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb92293cb8,0x7ffb92293cc8,0x7ffb92293cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6896 /prefetch:8
C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe
"C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe"
C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe
"C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe" /D=
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"
C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper
"C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\Admin\AppData\Local\Programs\Fiddler"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1ec -InterruptEvent 0 -NGENProcess 1dc -Pipe 1e8 -Comment "NGen Worker Process"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Fiddler2FirstRun
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb92293cb8,0x7ffb92293cc8,0x7ffb92293cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 0 -NGENProcess 28c -Pipe 298 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 2ac -Comment "NGen Worker Process"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2cc -Pipe 2f8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 304 -Pipe 2fc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 0 -NGENProcess 2ec -Pipe 2f4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 310 -Pipe 2b8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 304 -Pipe 2d8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 314 -Pipe 2dc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 314 -Pipe 2f8 -Comment "NGen Worker Process"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7148 /prefetch:2
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 29c -Pipe 2e8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 304 -Pipe 2cc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2c0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 30c -Pipe 2ec -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 0 -NGENProcess 2d4 -Pipe 2a8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 2b8 -Pipe 304 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1ec -InterruptEvent 0 -NGENProcess 1dc -Pipe 1e8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 0 -NGENProcess 1e4 -Pipe 284 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 2ac -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 27c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 298 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 204 -InterruptEvent 0 -NGENProcess 2ec -Pipe 2fc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 300 -Comment "NGen Worker Process"
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
"C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,7601589252447088311,17967704122703661525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe
"C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe"
C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe
"C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Synapse Z\redeem.cmd" "
C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe
SynapseLauncher.exe redeem
C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe
"C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe"
C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe
"C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe"
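The process list above is the raw record. The Python below is an added example, not code from the sandbox vendor, Telerik or the Fiddler project; it shows the command-line checks a detection engineer would run over that list. It pairs each image path with the command line that follows it (the layout the report uses), flags `netsh advfirewall firewall add rule`, `cmd.exe /c` launching a `.cmd` from a user-writable directory, `ngen.exe install` on a binary under a user profile, and executables started from Downloads or Temp, and pulls the firewall rule's `program=`, `dir=` and `action=` fields apart. The sample lines are copied from the list above; the rule names and the ATT&CK IDs (T1562.004 Disable or Modify System Firewall, T1059.003 Windows Command Shell) are this example's own mapping. Caveat for triage: the `FiddlerProxy` rule and both `ngen` runs name Fiddler's own binaries and are the Fiddler installer setting itself up, so on their own they are context for the verdict rather than evidence of it; the same rules also fire on `redeem.cmd` and `SynapseLauncher.exe` under Downloads later in the list, which is where the review time belongs.

```python
import re

# Constructed sample: image-path / command-line pairs copied from the process
# list above (the report prints the image path on one line and the full
# command line on the next), trimmed to the processes the rules look at.
SAMPLE_PROCESS_LOG = r'''
C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe
"C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe"
C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe
"C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe" /D=
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Synapse Z\redeem.cmd" "
C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe
"C:\Users\Admin\Downloads\Synapse Z\SynapseLauncher.exe"
'''

# Directories any unprivileged user can write to; binaries starting there deserve a look.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(Downloads|AppData\\Local\\Temp)\\", re.I)
# key=value pairs as netsh takes them, with or without quotes around the value.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_process_list(text):
    """Pair up image-path and command-line lines into process records."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating image / command-line lines")
    return [{"image": lines[i], "cmdline": lines[i + 1]} for i in range(0, len(lines), 2)]


def parse_netsh_rule(cmdline):
    """Turn the key=value tail of a 'netsh advfirewall firewall ... rule' line into a dict."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(cmdline)}


def image_is(proc, name):
    return proc["image"].lower().endswith("\\" + name)


# (label, predicate). The ATT&CK IDs are this example's mapping, not the report's.
RULES = [
    ("T1562.004 firewall rule added via netsh",
     lambda p: image_is(p, "netsh.exe")
     and re.search(r"advfirewall\s+firewall\s+add\s+rule", p["cmdline"], re.I)),
    ("T1059.003 cmd.exe runs a .cmd/.bat from a user-writable path",
     lambda p: image_is(p, "cmd.exe")
     and re.search(r"/c\s.*\.(cmd|bat)\b", p["cmdline"], re.I)
     and USER_WRITABLE.search(p["cmdline"])),
    ("ngen.exe compiles a native image for a binary under a user profile",
     lambda p: image_is(p, "ngen.exe")
     and re.search(r"\binstall\b", p["cmdline"], re.I)
     and re.search(r"\\Users\\", p["cmdline"], re.I)),
    ("executable started from Downloads or Temp",
     lambda p: p["image"].lower().endswith(".exe") and USER_WRITABLE.search(p["image"])),
]


def scan(processes):
    """Return (label, command line) for every rule each process trips."""
    return [(label, p["cmdline"]) for p in processes for label, hit in RULES if hit(p)]


def inbound_allow_rules_for_user_binaries(processes):
    """Firewall rules that open inbound traffic to a program living under \\Users."""
    found = []
    for p in processes:
        if not (image_is(p, "netsh.exe") and " add rule " in p["cmdline"].lower()):
            continue
        rule = parse_netsh_rule(p["cmdline"])
        if (rule.get("dir") == "in" and rule.get("action") == "allow"
                and re.search(r"\\Users\\", rule.get("program", ""), re.I)):
            found.append((rule["name"], rule["program"]))
    return found


if __name__ == "__main__":
    procs = parse_process_list(SAMPLE_PROCESS_LOG)
    for label, cmd in scan(procs):
        print(f"[{label}] {cmd}")
    for name, program in inbound_allow_rules_for_user_binaries(procs):
        print(f"inbound allow rule {name!r} for {program}")
```

Run as a script it prints one line per hit; imported, `scan()` and `inbound_allow_rules_for_user_binaries()` return the findings so they can be fed into whatever case-management or alerting layer is in use. The netsh parser is deliberately tolerant of quoting because `netsh` accepts both `name=Foo` and `name="Foo"`.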
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.telerik.com | udp |
| US | 50.56.19.112:443 | www.telerik.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| FR | 18.244.38.47:443 | dtzbdy9anri2p.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.insight.sitefinity.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | d585tldpucybw.cloudfront.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 152.199.21.175:443 | cdn.insight.sitefinity.com | tcp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| FR | 13.224.58.32:443 | d585tldpucybw.cloudfront.net | tcp |
| FR | 13.224.58.32:443 | d585tldpucybw.cloudfront.net | tcp |
| FR | 13.224.58.32:443 | d585tldpucybw.cloudfront.net | tcp |
| FR | 13.224.58.32:443 | d585tldpucybw.cloudfront.net | tcp |
| FR | 13.224.58.32:443 | d585tldpucybw.cloudfront.net | tcp |
| FR | 13.224.58.32:443 | d585tldpucybw.cloudfront.net | tcp |
| FR | 18.155.128.140:443 | d6vtbcy3ong79.cloudfront.net | tcp |
| FR | 18.155.128.140:443 | d6vtbcy3ong79.cloudfront.net | tcp |
| FR | 18.155.128.140:443 | d6vtbcy3ong79.cloudfront.net | tcp |
| FR | 18.155.128.140:443 | d6vtbcy3ong79.cloudfront.net | tcp |
| FR | 18.155.128.140:443 | d6vtbcy3ong79.cloudfront.net | tcp |
| FR | 18.155.128.140:443 | d6vtbcy3ong79.cloudfront.net | tcp |
| FR | 18.155.128.140:443 | d6vtbcy3ong79.cloudfront.net | tcp |
| FR | 18.244.38.47:443 | dtzbdy9anri2p.cloudfront.net | tcp |
| FR | 99.86.91.63:443 | euob.ytwohlcq.telerik.com | tcp |
| FR | 18.245.175.46:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | a.quora.com | udp |
| US | 8.8.8.8:53 | script.crazyegg.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| GB | 151.101.188.157:443 | static.ads-twitter.com | tcp |
| US | 104.17.246.203:443 | unpkg.com | tcp |
| GB | 23.64.29.226:443 | img.en25.com | tcp |
| US | 162.159.153.247:443 | q.quora.com | tcp |
| GB | 2.19.117.135:443 | snap.licdn.com | tcp |
| US | 104.19.147.8:443 | script.crazyegg.com | tcp |
| US | 216.239.32.181:443 | analytics.google.com | tcp |
| US | 172.67.5.216:443 | rum-static.pingdom.net | tcp |
| FR | 18.245.175.49:443 | www.clickcease.com | tcp |
| BE | 142.250.110.156:443 | stats.g.doubleclick.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| FR | 3.164.163.59:80 | crt.rootg2.amazontrust.com | tcp |
| US | 104.19.147.8:443 | script.crazyegg.com | tcp |
| US | 216.239.32.181:443 | analytics.google.com | udp |
| IE | 3.248.162.96:443 | obseu.ytwohlcq.telerik.com | tcp |
| US | 8.8.8.8:53 | 181.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.5.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.110.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.163.164.3.in-addr.arpa | udp |
| GB | 79.127.237.132:443 | cl.qualaroo.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.35:443 | www.recaptcha.net | tcp |
| FR | 18.164.52.40:443 | script.hotjar.com | tcp |
| CA | 192.29.11.142:443 | s1325.t.eloqua.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 13.107.246.65:443 | www.clarity.ms | tcp |
| GB | 142.250.178.3:443 | www.google.at | tcp |
| GB | 142.250.178.3:443 | www.google.at | udp |
| GB | 142.250.200.35:443 | www.recaptcha.net | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 20.231.53.73:443 | q.clarity.ms | tcp |
| US | 20.231.53.73:443 | q.clarity.ms | tcp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| US | 52.206.167.70:443 | geo.qualaroo.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| IE | 54.220.100.186:443 | rum-collector-2.pingdom.net | tcp |
| US | 172.66.0.227:443 | t.co | tcp |
| US | 172.66.0.227:443 | t.co | tcp |
| US | 104.244.42.195:443 | analytics.twitter.com | tcp |
| US | 104.244.42.195:443 | analytics.twitter.com | tcp |
| US | 20.231.53.73:443 | q.clarity.ms | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 152.199.21.175:443 | cdn.insight.sitefinity.com | tcp |
| US | 150.171.27.10:443 | bat.bing.com | tcp |
| US | 20.231.53.73:443 | q.clarity.ms | tcp |
| FR | 18.155.129.8:443 | api.getfiddler.com | tcp |
| FR | 18.155.129.8:443 | api.getfiddler.com | tcp |
| US | 52.206.167.70:443 | geo.qualaroo.com | tcp |
| FR | 18.245.199.35:443 | downloads.getfiddler.com | tcp |
| US | 50.56.19.116:80 | fiddler2.com | tcp |
| US | 50.56.19.116:80 | fiddler2.com | tcp |
| GB | 104.86.110.114:443 | | tcp |
| US | 20.189.173.24:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 104.86.110.114:443 | | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| FR | 18.155.129.8:443 | api.getfiddler.com | tcp |
| US | 20.231.53.73:443 | q.clarity.ms | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| FR | 18.155.129.8:443 | api.getfiddler.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| US | 162.159.153.247:443 | q.quora.com | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| US | 104.21.24.68:80 | synapsez.net | tcp |
| US | 104.21.24.68:443 | synapsez.net | tcp |
| FR | 3.164.163.56:443 | framerusercontent.com | tcp |
| FR | 3.164.163.56:443 | framerusercontent.com | tcp |
| FR | 3.164.163.56:443 | framerusercontent.com | tcp |
| FR | 3.164.163.56:443 | framerusercontent.com | tcp |
| FR | 3.164.163.56:443 | framerusercontent.com | tcp |
| FR | 3.164.163.56:443 | framerusercontent.com | tcp |
| FR | 3.164.163.56:443 | framerusercontent.com | tcp |
| FR | 3.164.163.56:443 | framerusercontent.com | tcp |
| FR | 3.164.163.56:443 | framerusercontent.com | tcp |
| FR | 13.249.9.28:443 | events.framer.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 216.239.38.181:443 | analytics.google.com | tcp |
| US | 20.231.53.73:443 | q.clarity.ms | tcp |
| IE | 3.248.162.96:443 | obseu.ytwohlcq.telerik.com | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 199.232.196.193:443 | i.imgur.com | tcp |
| US | 199.232.196.193:443 | i.imgur.com | tcp |
| US | 199.232.196.193:443 | i.imgur.com | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 5.83.218.158:80 | api.synapsez.net | tcp |
| GB | 5.83.218.158:80 | api.synapsez.net | tcp |
| N/A | 127.0.0.1:51340 | | tcp |
| N/A | 127.0.0.1:51344 | | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 92.123.241.137:80 | www.microsoft.com | tcp |
| N/A | 127.0.0.1:8888 | | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 5.83.218.158:80 | api.synapsez.net | tcp |
| GB | 5.83.218.158:80 | api.synapsez.net | tcp |
| N/A | 127.0.0.1:51373 | | tcp |
| N/A | 127.0.0.1:51376 | | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| N/A | 127.0.0.1:51392 | | tcp |
| GB | 5.83.218.158:80 | api.synapsez.net | tcp |
| N/A | 127.0.0.1:51396 | | tcp |
| GB | 5.83.218.158:80 | api.synapsez.net | tcp |
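Read as a whole, the Network table separates into a few buckets: DNS to 8.8.8.8 (forward lookups plus `in-addr.arpa` reverse lookups), the loopback connections to 127.0.0.1:8888 that appear once Fiddler.exe is running (8888 is Fiddler's default listening port, so this is traffic going through the proxy it registers), the TLS connections to the telerik.com site and its analytics and CDN dependencies, and the cleartext HTTP on port 80, which includes `synapsez.net` and `api.synapsez.net` after SynapseLauncher.exe starts. The Python below is an added example, not the sandbox's code; it parses the table into those buckets so the port-80 and loopback rows can be reviewed without scrolling. It accepts rows with an empty Domain cell in both layouts, the proper `| | tcp |` form and the form some exports produce with the protocol shifted into the Domain column. The sample rows are copied from the table above; only the standard library is used.

```python
import ipaddress
from collections import Counter

# Constructed sample: rows copied from the Network table above. Three rows have
# an empty Domain cell written in the shifted form ("| tcp | |"), which the
# parser repairs.
SAMPLE_NETWORK_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.telerik.com | udp |
| US | 50.56.19.112:443 | www.telerik.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 50.56.19.116:80 | fiddler2.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| US | 104.21.24.68:80 | synapsez.net | tcp |
| GB | 5.83.218.158:80 | api.synapsez.net | tcp |
| N/A | 127.0.0.1:51340 | tcp | |
| GB | 92.123.241.137:80 | www.microsoft.com | tcp |
"""


def parse_row(line):
    """One '| a | b | c | d |' row -> dict, or None for the header row."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if cells[0] == "Country":
        return None
    # A row with no domain may lose its empty Domain cell in the export, so the
    # protocol lands in column 3; move it back to the Proto column.
    if len(cells) == 4 and cells[3] == "" and cells[2] in ("tcp", "udp"):
        cells = [cells[0], cells[1], "", cells[2]]
    country, dest, domain, proto = cells
    host, _, port = dest.rpartition(":")
    return {"country": country, "host": host, "port": int(port),
            "domain": domain, "proto": proto}


def parse_network_table(text):
    rows = []
    for line in text.splitlines():
        if line.strip().startswith("|"):
            row = parse_row(line)
            if row:
                rows.append(row)
    return rows


def ptr_name_to_ip(name):
    """'68.159.190.20.in-addr.arpa' -> '20.190.159.68' (PTR names reverse the octets)."""
    return ".".join(reversed(name[:-len(".in-addr.arpa")].split(".")))


def triage_network(rows):
    """Bucket connections the way an analyst scans this table."""
    out = {"loopback_ports": Counter(), "multicast": set(), "dns_queries": set(),
           "reverse_dns": set(), "cleartext_http": set(), "tls": set()}
    for r in rows:
        ip = ipaddress.ip_address(r["host"])
        if ip.is_loopback:
            out["loopback_ports"][r["port"]] += 1          # local proxy / IPC traffic
        elif ip.is_multicast:
            out["multicast"].add(f"{r['host']}:{r['port']}")  # mDNS etc., normally noise
        elif r["port"] == 53 and r["proto"] == "udp":
            if r["domain"].endswith(".in-addr.arpa"):
                out["reverse_dns"].add(ptr_name_to_ip(r["domain"]))
            else:
                out["dns_queries"].add(r["domain"])
        elif r["port"] == 80 and r["proto"] == "tcp":
            out["cleartext_http"].add(r["domain"] or r["host"])  # readable on the wire
        elif r["port"] == 443:
            out["tls"].add(r["domain"] or r["host"])
    return out


if __name__ == "__main__":
    summary = triage_network(parse_network_table(SAMPLE_NETWORK_TABLE))
    for bucket, value in summary.items():
        print(f"{bucket}: {dict(value) if isinstance(value, Counter) else sorted(value)}")
```

The `cleartext_http` bucket is the one to read first in a report like this: everything on port 80 can be replayed from a packet capture, and an API endpoint reached over plain HTTP from a freshly downloaded launcher is exactly the kind of channel worth pulling the PCAP for. The reverse-lookup bucket recovers the IPs the process resolved backwards, which is usually Windows or the browser rather than the sample itself, but it is cheap to keep.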
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 02a4b762e84a74f9ee8a7d8ddd34fedb |
| SHA1 | 4a870e3bd7fd56235062789d780610f95e3b8785 |
| SHA256 | 366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da |
| SHA512 | 19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f |
\??\pipe\LOCAL\crashpad_2416_WMTGMMVAMVQQQWRY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 826c7cac03e3ae47bfe2a7e50281605e |
| SHA1 | 100fbea3e078edec43db48c3312fbbf83f11fca0 |
| SHA256 | 239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab |
| SHA512 | a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eec065f0c0808b38b4e867c63528a378 |
| SHA1 | 5dc90152c5f33b67dd0716825da4fdd46f4f2f31 |
| SHA256 | ad0bae52d3b91f58aee5176009ac0fbd7517f16310f3c09c9f0c71178faf696e |
| SHA512 | 88437ada28a1e94d063117b015a2c4c535e5a0b51e33813d9e607000d63a7b004b3db37045a3142e46218d8231d72a346750b106ff329c020d3cbb0a81cd28cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b9e4ad2ee8c3bab987fd853a57e208ad |
| SHA1 | 9916a4940b3b450b20c948f0d04e659d5ccdf958 |
| SHA256 | 9bc336ae165de074ca66b9f2cb29c9dae57443496843da44533120c41de4335e |
| SHA512 | c65b38deb00f3d178f30285c5b8ac7975534899db2d628748878f580139e193782d023701facc10b4947a8c31f47f0786cc6d8520f1123e7ce30dfb72febb9f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 12189f86b35cc68921179166218d3e1a |
| SHA1 | 99f8618a5dfb840bc97ba15020f8ff10bc629459 |
| SHA256 | f7b7465061bbbf2080e04092739440b650937fb75290326bb2d5db3f5de9ad05 |
| SHA512 | bace6ec3b0a4cf7fcf5e506bb0ace389cbd0e77943062ee8911ea613c287cfb4799d1d3190e6cb1df53a1d566a69f1f52ce83b5fc5349a354aea2218642df7fc |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 6b3aaf5c0bd09b3ff9e46594812dea54 |
| SHA1 | eee6956645091529dd1de912829a71cf98d1212c |
| SHA256 | bffc8f754ba5d636b7d95487811ae75a6f70741a5b117d1b879b69ab0f74e2b6 |
| SHA512 | eb52d377e1a28b8b8f3b53632195810a000da326e8dfb7eb745a217012a627f5a76201ef063fed377ae4a6d2b37fa18f8887b87ad211f12e742b89811d35bff6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5816b0.TMP
| MD5 | 7ff847c9ceb215a37f875a20fca93530 |
| SHA1 | 40eff2cfeefb0a309d24df45fa79a44f0fa41ae1 |
| SHA256 | 8ae1d273cbb00773b9d9907fccc4322526e8a21de2084644f99c8b8a06c3355b |
| SHA512 | 5602eacbc508aa75bb8243edb67bb4e243c7d8f009ee8ff978db3fcd72ac8ffc55646cd9602fea4cc2e23a1d797de37b307164a6f12f35b34ab1fbca0abab3fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 58e50acecf8161afd9c276c105e4bc86 |
| SHA1 | 72a8236b74211c6ba16d0bc1272eaea065966ee7 |
| SHA256 | 42d5322b49d68f57e0362ffd37c24d37bd51c332c4b9c22f09fb041dcbcca8eb |
| SHA512 | 607f194fe19bfd7791431d1b791b10beb6f11091ae5673349e13e9fa89cc6561582cc36614112f7f3ff7dc57cfd0e42e657ca530f119b1950a2ca4f48005fe6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d4253b1542c53a95e37a09b6237ef15e |
| SHA1 | 730cf1ab5dae3003b02d7981ba26f1f6a9d8e57d |
| SHA256 | b160f860f4d461f47b88d0a04af06b4f45f4607f75407ae03b40561528e1941f |
| SHA512 | 4c7cff21fc27acb7ed925f88dca33985d779e3f811fd3b1c99351e59ec6dbba5f533a092f7ae255f593f46b0beabd1c22b3c8dee9693a097d5a8c2bc665c8eac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 503766d5e5838b4fcadf8c3f72e43605 |
| SHA1 | 6c8b2fa17150d77929b7dc183d8363f12ff81f59 |
| SHA256 | c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9 |
| SHA512 | 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | e914bc11f84d57e5f674a12608b21059 |
| SHA1 | 75f3844129865378f67c3fcce260378affb91cb5 |
| SHA256 | 645c741a80abda30bb9f670ed46a5dcb96eccc9321d8661f0a6edd88982d7395 |
| SHA512 | be15d1c3bc2eca0ecc9ef5f2cf199521e5cd9c1df403515d93d85f004e87fc6356ab501c2c95af4c68d3f0c93ee812151c91bd613fceea9bd7d0047ba2be8525 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | b100307705c311e8ae4d31d8b2a4a93c |
| SHA1 | 3b1ec50ed6b09f7b3c14f6e8e201f2a2b1c98975 |
| SHA256 | 4a9f5d41f5ac4c03f7772f676247d201dadf15f9ac01a31ac26685d2f559c2fc |
| SHA512 | 213f7dbe76418eaf912a232d0650215b481674943ed689ed8ea4716caa6f5293b4495597040822a62ed9372f3703245a9498e28b852f00a2256fd28a54899ea0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e85443d5a8a1640f31c3a99552ce2fa6 |
| SHA1 | 5e6cb5d0b72fe28e0aee717947664b8336f9aa88 |
| SHA256 | 74f3fe9af256a3ea31127ed420c95aa0c378bae3b8ceec80027d3b3efc675707 |
| SHA512 | c529645cf0883bf26391f2c32a876000c4645c405ca49322b94c23cdb1dae6f48dd1a8d23a8c249e7367586c865569b16ec6a515a430e386417ef60a2046e7b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591bcb.TMP
| MD5 | c84b04ae987d39d3a5580c1b69d12a88 |
| SHA1 | a16399ef1931b207ea42ca69c769560d956673f0 |
| SHA256 | 0175a122c4946a2b5eb690c3d3abef2de2269e1e759ea9e04f133100d0a1cfed |
| SHA512 | 83f062bb26f9899ef438cb7d0b9dfc7875aea2791d2bfd3698a7ca5e2bda942404b94f1cb839d299d43ce7bd6e58a15baf6b870636ef4d10f6915f874e6ca469 |
C:\Users\Admin\Downloads\Unconfirmed 879513.crdownload
| MD5 | c1980b018489df28be8809eb32519001 |
| SHA1 | e860439703d7b6665af4507b20bbef2bbb7b73f4 |
| SHA256 | 588024037b1e5929b1f2a741fff52a207bcab17f0650ec7cb0cd3cb78051998d |
| SHA512 | f70d419e869e56700a9e23350a9779f5dd56bb78adb9a1b0d5039287a24f20004db20f842294d234d4717feaa3184a5e6d90f0ee3666208bad2ea518d37b0a35 |
C:\Users\Admin\Downloads\FiddlerSetup.5.0.20245.10105-latest.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc43eb3724f06531050d223d0e28780a |
| SHA1 | bf658a62638672b6fa755bed970e7a27a439caca |
| SHA256 | c32464c51ad428ba482b9cb3f1d317a287d99b823b15503174f388a3c052ca64 |
| SHA512 | 00f4621a6ea6ba170093da9bec0a2a2614648e3bd4e7ab5b825a6a7fedffcd596d5e96d0772cce50fabdc6b825713beda6434ff30caa8b6bd6799be974a2de92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d64d835a0356a15977fb4b668ab6b240 |
| SHA1 | 0d7c842c955740e5223d5946b9d6d8b74a2ecf37 |
| SHA256 | 7d51e40f0713681feb32eeb189c4670d8902dfe8af0feab5d5bf4577d9a312dc |
| SHA512 | c2b63d95b47464d6de537da73a4290982de78553c9d33f05a14739487e2d10bfe82f723094fe607abbc558a1f80d1e3b3f5eafe394c94ac555451dc6629b4661 |
C:\Users\Admin\AppData\Local\Temp\nsi4955.tmp\FiddlerSetup.exe
| MD5 | c2a0eb6f104eacec3f39581451ee208f |
| SHA1 | 9ae7d02aeb640fbd090dfc01885b98dd5dd0b6cc |
| SHA256 | 1f926cc353301e547e76c6d2eff23fcbe85495ba0292174cc6344fac26457af8 |
| SHA512 | 8b062e4f0af1dce3a12b5776646fe8c235f30de6772f579da1a6ab2bb559ed69b3bd32af95eee248c48008ddcbd40a7e49eae722a44bc9b49dd13fe38113a3ca |
C:\Users\Admin\AppData\Local\Temp\nse5A2E.tmp\System.dll
| MD5 | 192639861e3dc2dc5c08bb8f8c7260d5 |
| SHA1 | 58d30e460609e22fa0098bc27d928b689ef9af78 |
| SHA256 | 23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6 |
| SHA512 | 6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc |
C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper
| MD5 | b1827fca38a5d49fb706a4a7eee4a778 |
| SHA1 | 95e342f3b6ee3ebc34f98bbb14ca042bca3d779f |
| SHA256 | 77523d1504ab2c0a4cde6fcc2c8223ca1172841e2fd9d59d18e5fc132e808ae2 |
| SHA512 | 41be41372fe3c12dd97f504ebabb70ce899473c0c502ff7bfeaddc748b223c4a78625b6481dbab9cb54c10615e62b8b2dbe9a9c08eb2f69c54ebf5933efbeb1b |
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
| MD5 | 87bc17f56e744e74408e6ae8bb28b724 |
| SHA1 | 3aa572388083ff00a95405d34d1189c99c7ff5be |
| SHA256 | ffb24fc36ade87988f9908e848d0333ce7ffb2b4e4d0ffb43f6556246069d057 |
| SHA512 | cbeee155c97b87a22b92b808f86fee25c18db51ab43a36b657d532d2d47d3a7db2f4507a699b72af904bf6d5ed851d1ae1fcfb4833a57096e6c7787211c0f35d |
memory/72-585-0x0000023BFD560000-0x0000023BFD8E4000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe.config
| MD5 | c2edc7b631abce6db98b978995561e57 |
| SHA1 | 5b1e7a3548763cb6c30145065cfa4b85ed68eb31 |
| SHA256 | e59afc2818ad61c1338197a112c936a811c5341614f4ad9ad33d35c8356c0b14 |
| SHA512 | 5bef4b5487ecb4226544ef0f68d17309cf64bfe52d5c64732480a10f94259b69d2646e4c1b22aa5c80143a4057ee17b06239ec131d5fe0af6c4ab30e351faba2 |
memory/3064-586-0x0000000000440000-0x0000000000448000-memory.dmp
memory/72-588-0x0000023BFD390000-0x0000023BFD44A000-memory.dmp
memory/72-590-0x0000023BFDE20000-0x0000023BFE348000-memory.dmp
memory/72-625-0x0000023BFD450000-0x0000023BFD4CA000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\Fiddler\DotNetZip.dll
| MD5 | a999d7f3807564cc816c16f862a60bbe |
| SHA1 | 1ee724daaf70c6b0083bf589674b6f6d8427544f |
| SHA256 | 8e9c0362e9bfb3c49af59e1b4d376d3e85b13aed0fbc3f5c0e1ebc99c07345f3 |
| SHA512 | 6f1f73314d86ae324cc7f55d8e6352e90d4a47f0200671f7069daa98592daaceea34cf89b47defbecdda7d3b3e4682de70e80a5275567b82aa81b002958e4414 |
memory/72-682-0x0000023BFD8F0000-0x0000023BFD9A2000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll
| MD5 | 195ffb7167db3219b217c4fd439eedd6 |
| SHA1 | 1e76e6099570ede620b76ed47cf8d03a936d49f8 |
| SHA256 | e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d |
| SHA512 | 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac |
memory/72-685-0x0000023BFD2D0000-0x0000023BFD320000-memory.dmp
memory/72-689-0x0000023BFD070000-0x0000023BFD092000-memory.dmp
memory/72-691-0x0000023BFB360000-0x0000023BFB37C000-memory.dmp
memory/72-694-0x0000023BFD4D0000-0x0000023BFD4F0000-memory.dmp
memory/72-698-0x0000023BFD510000-0x0000023BFD52A000-memory.dmp
memory/72-697-0x0000023BFD4F0000-0x0000023BFD50E000-memory.dmp
memory/72-703-0x0000023BFE350000-0x0000023BFE472000-memory.dmp
memory/72-696-0x0000023BFD9F0000-0x0000023BFDA34000-memory.dmp
memory/72-705-0x0000023BFD530000-0x0000023BFD550000-memory.dmp
memory/72-707-0x0000023BFDA40000-0x0000023BFDA52000-memory.dmp
memory/72-709-0x0000023BFB340000-0x0000023BFB350000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.dll
| MD5 | 6f9e5c4b5662c7f8d1159edcba6e7429 |
| SHA1 | c7630476a50a953dab490931b99d2a5eca96f9f6 |
| SHA256 | e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790 |
| SHA512 | 78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8 |
memory/72-706-0x0000023BFDD90000-0x0000023BFDDCC000-memory.dmp
memory/72-704-0x0000023BFDCD0000-0x0000023BFDD4E000-memory.dmp
memory/72-695-0x0000023BFD9B0000-0x0000023BFD9E2000-memory.dmp
memory/72-693-0x0000023BFD360000-0x0000023BFD372000-memory.dmp
memory/72-692-0x0000023BFE820000-0x0000023BFECEC000-memory.dmp
memory/72-690-0x0000023BFD320000-0x0000023BFD35A000-memory.dmp
memory/72-688-0x0000023BFDA70000-0x0000023BFDB22000-memory.dmp
memory/72-687-0x0000023BFD040000-0x0000023BFD062000-memory.dmp
memory/72-686-0x0000023BFDB40000-0x0000023BFDCC8000-memory.dmp
memory/72-684-0x0000023BFB330000-0x0000023BFB33C000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\Fiddler\Analytics.dll
| MD5 | 1c2bd080b0e972a3ee1579895ea17b42 |
| SHA1 | a09454bc976b4af549a6347618f846d4c93b769b |
| SHA256 | 166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29 |
| SHA512 | 946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0 |
memory/72-680-0x0000023BFCF70000-0x0000023BFCFBA000-memory.dmp
memory/72-668-0x0000023BFB310000-0x0000023BFB31C000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll
| MD5 | 798d6938ceab9271cdc532c0943e19dc |
| SHA1 | 5f86b4cd45d2f1ffae1153683ce50bc1fb0cd2e3 |
| SHA256 | fb90b6e76fdc617ec4ebf3544da668b1f6b06c1debdba369641c3950cab73dd2 |
| SHA512 | 644fde362f032e6e479750696f62e535f3e712540840c4ca27e10bdfb79b2e5277c82a6d8f55f678e223e45f883776e7f39264c234bc6062fc1865af088c0c31 |
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.dll
| MD5 | 3be64186e6e8ad19dc3559ee3c307070 |
| SHA1 | 2f9e70e04189f6c736a3b9d0642f46208c60380a |
| SHA256 | 79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c |
| SHA512 | 7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78 |
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Editor.dll
| MD5 | eaa268802c633f27fcfc90fd0f986e10 |
| SHA1 | 21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f |
| SHA256 | fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54 |
| SHA512 | c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47 |
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Common.dll
| MD5 | ac80e3ca5ec3ed77ef7f1a5648fd605a |
| SHA1 | 593077c0d921df0819d48b627d4a140967a6b9e0 |
| SHA256 | 93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5 |
| SHA512 | 3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 4562882014f7df38316d04c4d89475ea |
| SHA1 | b56bd842693d3c17a9b09af5a89100144d1ce88a |
| SHA256 | 5d80735b48c0f39f70e37251a2861d5470b765fb662213da3a88d1c25867a440 |
| SHA512 | 7d1ce83b4f217c8ff5c5b25d389c1475efd5264c01638ebd4899b90ac560f06e8beb3ffb962ea6c118ac5c819e7d74c97fd0f91ba43f2e03146401e5219d6124 |
memory/1460-741-0x00000644451A0000-0x00000644454A4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | bc9373b269bc8d4ea4df8a44c3ba2514 |
| SHA1 | 540b02515c928fa6cae94d6d84a02575f89d5bec |
| SHA256 | e25fcb405fee6f665d134fe59b25b55ad26eb294ca90b59d57d8e1b361e9ed0e |
| SHA512 | bfc73715735b96fcbbd7644165c543d6a91226d1551ebd61dab42449975b357c9dbaf2264990e2f135e9a6b6b08100a4926c3cc4f4d9519fe440900def5bbd61 |
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll
| MD5 | 5968702720c09d48fc7a0aae9f458a3e |
| SHA1 | 64ec4c0ee94a26fdd26f7f02892a313793ca3333 |
| SHA256 | 1db11e73cdfebf485614216e227af712214049b909490e500bd0189a580a7eea |
| SHA512 | 107b18bb1f4d5441c015a657aab87581d4e37d72321ceac4208ff00f93e82d98f340dce8e6493e8f89a0104c3f71443455ab7f88433a173b5dc75e1274b21164 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 42208334dc14a42a1492e8f2a55e9557 |
| SHA1 | 018c9acb0f1012e6b9f77fa324b8bd174651fbfa |
| SHA256 | d15424e5cc15f1f7724fb53af8efd2a6986e78185b8e8f82cb31c68de3c3a7a4 |
| SHA512 | ae107be82aac28a2b8d25696089d055b25153bf776fa1995273f6efe2c2425bab4fb8f23b6c64266992529ef7f93ef6f2a8b6d1354fb98b478701beafd3e7e0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | c08284ff9cdc27a44cb34b4431cae5cc |
| SHA1 | 979c662bac391ff09d7a35c4e8931890cb9184a9 |
| SHA256 | 72172ecb4a8d927897ca97d79a6e454a456c74c9e12160848350569e8361389d |
| SHA512 | fc4d35bb93d76e3e3e88c942f26f18ffd797dd160fad21190e3a400d117895dc591fd79c954b6801da6689b479989d94030d7b2cdd580e8051a54ef8fe7054e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ebe95e7aac40f5de18dfec2715146c9 |
| SHA1 | fabe5f69ecb75f3d505e5d6c806780d2c853af6c |
| SHA256 | 883ed036bcee437bec771dea084acc9198a62b89617f176adafce07459a93fc9 |
| SHA512 | 7cc60ada6b68fc2c1ccfcc752efedbf5cedffb0fcd5ef89b136ea092344d327c3e295b48d4a8de697997d51c2674a8bfd1c958d901d4db22a174f2b3bbc205b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 56b1b49a4bdc4c874445907df778d045 |
| SHA1 | d2fe504ff66c8f1019897a489d1f228adbec1675 |
| SHA256 | ae164feded7be7bf0bacf35c024e49d9fe9691f9ea02860deabf3e777e181885 |
| SHA512 | da23e397b4009c66caabb9147b98e48f117855e03d82ff919e36d22bbd3f2fce6440f00147477ced44c77c512277e4506d41098aefee57dfecf0f0db0d47c115 |
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll.aux
| MD5 | babee7fd2083dd07600dd5c55c7ccb19 |
| SHA1 | d60268525947cb482d08dc82bf8dbedc4153ecc7 |
| SHA256 | 211f95dde18026099e727ea7dd3c59b2f44e4b8d6bc37a400b4e77dd35407fb8 |
| SHA512 | fb07b7940e0caa80c779f80a79c855f360a6032f4cfbc55d1d244070d638e2edc7969ebdbb1bc695b7a6e2a4ea8b9197287ee27acaf6e0ec3e7a2114c892034c |
memory/4868-796-0x0000064449A20000-0x0000064449B18000-memory.dmp
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll
| MD5 | f7c61b3ccddcebf97d4f2fcd7d2fc298 |
| SHA1 | 3d4149310ceafb8b989afda01ac47abd4b9eae32 |
| SHA256 | 8effa08244a2d3dc6573065c372c8fc06e515f584d6f7760ffafc6fcd91b7957 |
| SHA512 | 0fd5437a6f77375b930ae913f955ef5b25c1374ae0ac491e4873ba4e303a0e4542a312d82096cbd6c171b4ed81859f2ab8ef2e2dcb20d534e5a923eb5314fa4f |
memory/4888-811-0x0000064443EC0000-0x0000064443F11000-memory.dmp
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll
| MD5 | 0ec738c1551385a6ab8287162ead2385 |
| SHA1 | 576f4ac07fa966785607109902714f104c2b6fdb |
| SHA256 | 2be57b6de3fa61e65fab74f2911edeee2d0c4d3f0e2e0371bfca72498a4ac60e |
| SHA512 | abfa6e2d47c55b65bf81a240c32bc7dbbdf739b23d4ddeb6b95d4c39eec7c0f59d3b788239b7ef4419d31176cd2a5338bda535c9241ba24ddecaaae36b57303a |
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll.aux
| MD5 | c7f1888df8d5f0cee44055889d7145a0 |
| SHA1 | 2b38514613fdcf0bd151d72e1754f82c8600238f |
| SHA256 | 86a58da68258f409d91c6178502763d92d53d5a81a0c65ea0da5826aa95dced2 |
| SHA512 | a96ac1b47a8ddb9efcf4b1483c47ef8141b05e47c68e9357ffb239033434b9450ef562f5a1ebb0a741c401c384da95780482a647270fd39558a1d73990101670 |
memory/1644-829-0x0000064445320000-0x000006444561E000-memory.dmp
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\129af40f419d925ba9d07ca47a83708d\System.Deployment.ni.dll
| MD5 | 5ce272c443c76c6a0268b17307086373 |
| SHA1 | 9da215c4f1fa2367b0abb062ae23c49c27e0cf6e |
| SHA256 | 1bda44e93fabab317c5d2768199ae87d47868e2ba1bd5c4eafbbc78fa3ae7414 |
| SHA512 | a6a66cc3a2b2080973edea313fc2f486c26c43280ffb1790c39f7e4983671abeb7c4b7e42c247823e2f30c284467e0848259d9d8bbbe50e3858bb5dc23a29d94 |
memory/1600-844-0x0000064449980000-0x00000644499D8000-memory.dmp
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\c3e367eff9875c967c92b75a8688c55b\System.Runtime.Serialization.Formatters.Soap.ni.dll
| MD5 | 9ca5ccbe1085d777dc220ad37e26d6d3 |
| SHA1 | 7f63e7d7764a4dc13a8b9cbec50749229cb93bca |
| SHA256 | f362820cf09248efe993990b005ae1cbc856a048f08d7e1b494d980bff8a2342 |
| SHA512 | bc5142e7741071dcbff36c8320d7b217ddfc95c43b3c2a422ff2439e0eb46669c23d1ceda2956735c9a5cf66f489de21eba9a85d3b8d50959d898a213be3c3ea |
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll.aux
| MD5 | faeaf52985536c4d7a6fea9ebd88c910 |
| SHA1 | 29332a0eea7cb852223164a4863f4843fe101ba3 |
| SHA256 | ae8066274c5b4a5cdfc469e39463a94233d614fe44af31ea431e36a3cfe61a9a |
| SHA512 | c305626c0ae72c62eaa00bc9ca5b5377fc562a52b97020c360fb7f69386d3a09646a3843da7161c4693f32264d141f6e102fa70f2c5beae443d7b8e1d52e1f29 |
memory/2064-865-0x000006443CC40000-0x000006443CEF8000-memory.dmp
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4345ad0cb22fa57a9281f1b35b0ca60f\Microsoft.JScript.ni.dll
| MD5 | fbf426ceb9dcf71f91b9c0e705c7887a |
| SHA1 | da50100d4c2e743d49134540d848526ea008af40 |
| SHA256 | 3aef7382577c7ef23f48a1332b415fd26b3d7fa6c9bbe5f0de383bef8e770efc |
| SHA512 | de52e8feb3a6f67e5d4cfdcba5f62313a25efe13f331625e14d6bd48f59440f878ff5ee1dd6e18ea72947ded8612e56d2eee28a681dd8db4eccd2308479c9de8 |
memory/4920-886-0x000001DF53600000-0x000001DF53626000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 83719f6aab70f00af52bd895a18af3ef |
| SHA1 | 43d8ac923c0125192b2c4eaa4df558f3b8002951 |
| SHA256 | c4c125b083fd909d5bb0ac0fd9cbafd7f886d090188428fdac8aff6bf7215c00 |
| SHA512 | dd6e4ab0101e6050e83841dd713d753f5c4cc13b780d33a42c4345953f488e0e86f0db19402597f3394c906a320f3b65478cf250e07820f2ad28a7c2e275c14c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
| MD5 | c5efbb1e0ae2e6bb93c88e5899c2a601 |
| SHA1 | 4222198dcbee33f13574e11b27e739fb62e4b19d |
| SHA256 | 861bd76d2bb88508dd4924296ed8089741bf77c01759aadf2f372873eb8473de |
| SHA512 | 87a960a9f8cff895abd96d382fef3d6f8b9b23ef89eb2b74120db8db3dce2c6983cca16ca5fe33c9a302901b1c6c043ffcf9af6549b0bd14f55a1ee327ce6498 |
memory/4920-899-0x00000644C00C0000-0x00000644C10EA000-memory.dmp
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\b5497fca4e4478881056c95fd8c01ee6\System.Web.ni.dll
| MD5 | 9cfb48343d8e37ceb5d53c4f73c87721 |
| SHA1 | 4946db9e6de00d729e99f263c311dd501be92059 |
| SHA256 | 4c8d6b0e4a15a1da294d9dabbf3f022136973ea9b3c6fabdfd577813f8fd0433 |
| SHA512 | ddf1950b340257e7d3964b018d32971233da5bfc442aabe3362cc1fe1bdc62bec3d64284ee82cf5601bf64533bd47291010cade9dbf962210aabbb36a69e9186 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 3dc1daa33c843ab59d0d9ffd0e3be928 |
| SHA1 | 5be43712a886fcfb79cdf11263ba8d0b16059380 |
| SHA256 | 4fce08944e3faed07cf1755559991a96c9918ba98bef51d152ebcd743a8cd36e |
| SHA512 | e77fd74566cde4e3148670686aee2418eaaf7fbe340143f379d32aa9546aa5eb3edd62bc5d827bf91d0dc92bff7c2561b5a2b8daef509df0ed2d17d4eae946d7 |
C:\Windows\assembly\temp\YHPW87M70K\Microsoft.JScript.ni.dll.aux
| MD5 | 8354f38ef9dd329b59e8722316ea5ce6 |
| SHA1 | 82da5accdf6f7a67f85001c9abe07b50e9031d1f |
| SHA256 | 5183d73f7acdde68a4adeae0837984de7887412397bd65631335df82c61adfba |
| SHA512 | c8ff4dd9638bbb68a3f2df6b70e9b78faf58b41d91129684bff85a29e8cb280f895b4224f7fc0b34fb75a390e7da2e733d3fdcf9475dff9afe4ccd06984f9d54 |
C:\Windows\assembly\temp\PYMO9GU1AL\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
| MD5 | bdf14ce4a416cf686dae47be34fcc09e |
| SHA1 | bc428571a58afc330553097b0ebc1eeef7ca0c61 |
| SHA256 | b31d328b94dfdebba040c34c00ab2269c92cd2f3f43db684007732b771d6c7b8 |
| SHA512 | b103c980e692559a44d704a8311ff7ae1fe81506699625310936c061881b6396f5bc786362be972029bbd42e11fe394406cfcc8b1baa05846f82da4e37a39efa |
C:\Windows\assembly\temp\GXA2CZW54A\System.Deployment.ni.dll.aux
| MD5 | 9536262da7ce4d5ae19f8dcbe22b1d33 |
| SHA1 | f35fd018806da18a371487575126f4460e832abf |
| SHA256 | a2fde0e404bd1a8784d2fb3a4c3079eae6a19a690b7a3f7a1e98488faf3af814 |
| SHA512 | 1df59e38781de47b56006aaede26695f5073f5c64cd9edf59d9e33cac5e5da49eae682e14654f532ba58585b492bc70a8018bada7eda93a11b60f979466e9f0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b4923b5e7082b83a0e007afd07a68cd7 |
| SHA1 | c0d82b2de2ae31277d59d9cbfc442ce3eae021ba |
| SHA256 | ffd2391c64d588e3c66ac661951096e6ecefc66f41f6ba0f058ad6f0cec01a08 |
| SHA512 | a76bc125de31d91c017f1d24f818f2a5c43e482f39042a17812c7f771e6e5589a6d12e93d24c302ea2d87107d8cb5933a24b55fd6d6e3ae1370632e8a7b295e4 |
memory/5596-940-0x0000025205910000-0x0000025205928000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe
| MD5 | 81564947d42846910eec2d08310e0d25 |
| SHA1 | b7a167dcd3afb29c8a0e18c943d634e3fc58a44c |
| SHA256 | 543f16b73f7d40177585332f433ce76dddc1526e12bcd62cb73edd11eb002341 |
| SHA512 | 8f06409517697b022787bc9e2ed7e73100018422177aa3f63ecb406c3bdb6b021624f909a16fca0430002bfa7d35a461b38750c79c0273a154f63316b4e13037 |
memory/5696-941-0x0000064488000000-0x000006448802B000-memory.dmp
memory/5356-1026-0x0000023CD74D0000-0x0000023CD7854000-memory.dmp
memory/5356-1027-0x0000023CF45A0000-0x0000023CF45AC000-memory.dmp
memory/5356-1039-0x0000023CF5570000-0x0000023CF55B2000-memory.dmp
memory/5356-1040-0x0000023CF5540000-0x0000023CF5552000-memory.dmp
memory/5356-1041-0x0000023CF5500000-0x0000023CF5510000-memory.dmp
memory/5356-1042-0x0000023CF57A0000-0x0000023CF597A000-memory.dmp
memory/5356-1043-0x0000023CF55C0000-0x0000023CF55DA000-memory.dmp
memory/5356-1048-0x0000023CF55E0000-0x0000023CF55EE000-memory.dmp
memory/5356-1047-0x0000023CF5610000-0x0000023CF5636000-memory.dmp
memory/5356-1046-0x0000023CF5560000-0x0000023CF556C000-memory.dmp
memory/5356-1045-0x0000023CF5530000-0x0000023CF5538000-memory.dmp
memory/5356-1044-0x0000023CF5520000-0x0000023CF552A000-memory.dmp
memory/5356-1049-0x0000023CF5FF0000-0x0000023CF6596000-memory.dmp
memory/5356-1050-0x0000023CF55F0000-0x0000023CF55F8000-memory.dmp
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_gn2suaigfhhkewccgutguryxxqm34vvg\5.0.20245.10105\user.config
| MD5 | 9cb25332bef38c05b6500cdce25f9446 |
| SHA1 | bb527b5d80016d477e703a66f6978a0803393641 |
| SHA256 | 1921fff7083111f579a1c1d3a528eaf1322e8bde7db43fbcba042a863d646f3a |
| SHA512 | 98665587c13954230448e2cba591c61f87ce1bb3a402681d3690bd3f5b34c69ff494c624257baffcc8aea3e70b6061a2595143a81073de22aefff9ff09513532 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f19857beb8599b0545c6f4b2b1b7ebe3 |
| SHA1 | 0b08810c373d82606fff8a5781c9784e391748da |
| SHA256 | 5b041631338116f13e99e579e125028feb0049cb3e1134c0418b676c14e27905 |
| SHA512 | 6fdc0a31dc5cb929255d423bc31dd2f4e1b187821e5cbef0c422c7a8bac4f3a4d357daeb31806ce170116cc925fc32a11abec0256133f69703e447a96246f09e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 177c334e85e04bc38051b75adfbc6955 |
| SHA1 | 667b7fdfa5b0fe714c9c5064b088e82110165bb5 |
| SHA256 | 7b173ea8d8d7229855cc6c1771f9030c7fc8d0cd779d10acb5501c7d8c2b4192 |
| SHA512 | dd88e2301c8500154a2a8ebe3872314b9994d22ef2c26183f48a747044db260407a2ad8c6a7d3ad22f52a510218741983b03376d4d5652a388c62976166276fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 66079e5d16c87f8871d84c3b379eee34 |
| SHA1 | 4ca1e8468edce426f19dc46eac19e087d4bb7b88 |
| SHA256 | 017e4ce6d8f24b3da39c28fdf88b3a910a67b33d08dfa609b2939e45cef6b492 |
| SHA512 | 35331816227318c5e4f979900e55a8b663d29bd1dede562cdc1704d9773bd59083eb4f7295a06c229120fa516416e47fd1d7370b28bac25d8571f66fce807d06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | 2d57b54cf0472ecd6ac6c31c5ed5aa04 |
| SHA1 | ccb3f600ffc3a7711f951431ebbe7275f0813a5e |
| SHA256 | e5e08e06805507504311242781e7a892aae60c3b5c318cd579d710d31e529b50 |
| SHA512 | bfdfe6d7465b17dc2a00411b669e86656309dcf6027c8c5753add968ae281462c7812eebbf9628a26c5da823aa6681669f4bc6026553f90141411852ee6f763c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 161642dd45b6138dc0696fc38b15fce4 |
| SHA1 | b414b6a8d8e8a42f2d7c1d296d3f02f487c275c5 |
| SHA256 | a438acd781e7c1b493df6eccc8a27841bd2a1c0a95912e862d77598f16cefaf7 |
| SHA512 | cd0e4061e046bcaeb425a10ca79535e7d56d2c955bfcc59ad12e8c6993c1254cf5f4662aedd1e0f757c0ba61de735c926292395d4ea2f919402a3cd5c318eab1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dbbec183d9cc9bf3e886b29667308a58 |
| SHA1 | 14491a6c37a0f70ade51d09eb0d99acf0802d42d |
| SHA256 | 5062e1ff4784ec696f629e5b860c7a1720b2a83d6bcfcb5d3a4b6d90b811a422 |
| SHA512 | a4f1317b7ee7a1ae285a4352df28a1277f3d1431b7c7f935208d39fb9e019d722ef0a57da4a960342426983a11814ffe5f1f3a1869a73a69509329314f62301b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | df7a3d88c2e88412db51cbcaae6a9105 |
| SHA1 | 162e60872d5dab02af2b00a3ae7cd24c8a3135ee |
| SHA256 | 20f84dd626ddbd60771cad35d86332bb923a20aaa88f2ad6c9659bba1793fa29 |
| SHA512 | 8ce0ada0f229f296272388e55cd0cf7404a6b08334e845e60b48e422957dc0462ddb0632f41ae2c9afc692665122150177e03f58d635016aaad32b72ca5cf5c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3224d316f89334dbaa3b12631a1c7e62 |
| SHA1 | a4a6de693cd937fb3a27bb4ae16ff3450d008dd2 |
| SHA256 | 000f94b927a116bc037464fe47df59747ffb34a18f8555558ad3b492e069ef99 |
| SHA512 | 3174be96a55e63fc450f8183eaa981abab1767764c486b4ded1b2b74d7ef0c12a92d4ebb9f4d4b10aca51ca0cca2d314c4cd27bbdba532c711254cf78e9ed49c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c59eb320a059e4eba6d6dd10c809cdfe |
| SHA1 | 50e68f9a5321d10a98b31ac902006c9335ecda57 |
| SHA256 | 1dd7fb7870bc678c570bf5410eae454ea7a69e42df1b0782b133749b9a025093 |
| SHA512 | e191dc490bcd117dd289653fa3a16200314e21d4fc3af9b1be79c03f87da0c870e2eec5951f7801d07de1d41b8006634c5bbaa728bb7a7cbee027d572f78f11a |
memory/2644-1342-0x0000000140000000-0x0000000140CDE000-memory.dmp
memory/2644-1348-0x0000000140000000-0x0000000140CDE000-memory.dmp
memory/3140-1356-0x0000000000E10000-0x0000000000E28000-memory.dmp
memory/3140-1357-0x0000000005DB0000-0x0000000006356000-memory.dmp
memory/3140-1358-0x0000000005800000-0x0000000005892000-memory.dmp
memory/3140-1359-0x0000000005A00000-0x0000000005A0A000-memory.dmp
memory/6128-1365-0x0000000140000000-0x0000000140CDE000-memory.dmp
memory/2476-1371-0x0000000140000000-0x0000000140CDE000-memory.dmp
memory/5760-1377-0x0000000140000000-0x0000000140CDE000-memory.dmp
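The listing above is the report's dropped-files section: each file path is followed by its MD5/SHA1/SHA256/SHA512 rows, and `memory/<pid>-<seq>-<start>-<end>-memory.dmp` entries for process memory dumps are interleaved. To use it outside the sandbox UI you need it in structured form. The following is an added example, not part of the report or of the sandbox vendor's tooling: it parses that layout into records, checks a local file's digests against them, and groups the memory dumps by identical address range. The `SAMPLE_REPORT` excerpt is constructed in the report's own layout; its hash rows and `memory/` lines are copied from the listing above. Record names, the regular expressions and the matching policy are this example's own choices.

```python
"""Parse a sandbox dropped-files listing (path line, then | MD5 | ... | rows,
with memory/<pid>-<seq>-<start>-<end>-memory.dmp lines interleaved)."""
import hashlib
import re
import sys
from collections import defaultdict
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the report's own layout; hash rows and memory/ lines
# are copied from the listing, the selection (two files, five dumps) is ours.
SAMPLE_REPORT = """\
C:\\Users\\Admin\\AppData\\Local\\Temp\\nsi4955.tmp\\FiddlerSetup.exe
| MD5 | c2a0eb6f104eacec3f39581451ee208f |
| SHA1 | 9ae7d02aeb640fbd090dfc01885b98dd5dd0b6cc |
| SHA256 | 1f926cc353301e547e76c6d2eff23fcbe85495ba0292174cc6344fac26457af8 |
| SHA512 | 8b062e4f0af1dce3a12b5776646fe8c235f30de6772f579da1a6ab2bb559ed69b3bd32af95eee248c48008ddcbd40a7e49eae722a44bc9b49dd13fe38113a3ca |
memory/72-585-0x0000023BFD560000-0x0000023BFD8E4000-memory.dmp
C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\EnableLoopback.exe
| MD5 | 81564947d42846910eec2d08310e0d25 |
| SHA1 | b7a167dcd3afb29c8a0e18c943d634e3fc58a44c |
| SHA256 | 543f16b73f7d40177585332f433ce76dddc1526e12bcd62cb73edd11eb002341 |
| SHA512 | 8f06409517697b022787bc9e2ed7e73100018422177aa3f63ecb406c3bdb6b021624f909a16fca0430002bfa7d35a461b38750c79c0273a154f63316b4e13037 |
memory/2644-1342-0x0000000140000000-0x0000000140CDE000-memory.dmp
memory/6128-1365-0x0000000140000000-0x0000000140CDE000-memory.dmp
memory/2476-1371-0x0000000140000000-0x0000000140CDE000-memory.dmp
memory/5760-1377-0x0000000140000000-0x0000000140CDE000-memory.dmp
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
DUMP_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

@dataclass
class DroppedFile:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)

@dataclass(frozen=True)
class MemoryDump:
    pid: int
    seq: int
    start: int
    end: int

def parse_report(text: str) -> Tuple[List[DroppedFile], List[MemoryDump]]:
    files: List[DroppedFile] = []
    dumps: List[MemoryDump] = []
    current: Optional[DroppedFile] = None   # file whose hash rows we are reading
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HASH_ROW.match(line):
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            algo, digest = m.group(1).lower(), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:   # catches truncated or garbled hashes
                raise ValueError(f"{current.path}: {algo} has {len(digest)} hex chars")
            current.hashes[algo] = digest
        elif m := DUMP_LINE.match(line):
            pid, seq, start, end = m.groups()
            dumps.append(MemoryDump(int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None                    # a dump entry closes the previous file's table
        elif not line.startswith("|"):
            current = DroppedFile(path=line)  # any other line is the next file's path
            files.append(current)
    return files, dumps

def compute_digests(data: bytes) -> Dict[str, str]:
    """All four digests, so a file can also be matched against feeds that only carry MD5/SHA-1."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LEN}

def match_digests(digests: Dict[str, str], files: List[DroppedFile]) -> Optional[DroppedFile]:
    """Match on SHA-256 when the record has one; fall back to SHA-1/MD5 only for
    records that lack it (both are collision-prone, so such a hit is a lead, not proof)."""
    for rec in files:
        if "sha256" in rec.hashes:
            if rec.hashes["sha256"] == digests["sha256"]:
                return rec
        elif any(rec.hashes.get(a) == digests[a] for a in ("sha1", "md5")):
            return rec
    return None

def shared_regions(dumps: List[MemoryDump]) -> Dict[Tuple[int, int], List[int]]:
    """Identical start/end ranges dumped from more than one PID, with the PIDs sorted."""
    by_range: Dict[Tuple[int, int], set] = defaultdict(set)
    for d in dumps:
        by_range[(d.start, d.end)].add(d.pid)
    return {k: sorted(v) for k, v in by_range.items() if len(v) > 1}

if __name__ == "__main__":
    files, dumps = parse_report(SAMPLE_REPORT)
    for (start, end), pids in shared_regions(dumps).items():
        print(f"0x{start:X}-0x{end:X} ({end - start:#x} bytes) dumped from PIDs {pids}")
    for arg in sys.argv[1:]:   # files given on the command line are checked against the listing
        hit = match_digests(compute_digests(Path(arg).read_bytes()), files)
        print(f"{arg}: {'matches ' + hit.path if hit else 'no match'}")
```

Pivot on SHA-256; the MD5 and SHA-1 columns are there for matching against feeds that carry nothing else, and the length check in the parser is worth keeping because copy-pasted hash tables lose characters more often than one would expect. A hash match tells you that a file is the same artefact the sandbox ran; the verdict itself rests on the behavioural signatures earlier in the report, not on the hash. Run on the excerpt, `shared_regions` reports the one range `0x140000000-0x140CDE000` for PIDs 2476, 2644, 5760 and 6128: four same-sized dumps at the default x64 image base, which is what one executable image mapped at its preferred base in several processes looks like, and a good place to start when deciding which dump to unpack first.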