Windows Analysis Report
SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe
Analysis ID: 1430644
MD5: 78537045a5e032d4ac93514f027c7a47
SHA1: 5b6e705b20652c0cf39ee890013b9b8e8ad26b07
SHA256: 06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c
Tags: exe
Infos:

Detection

PureLog Stealer, zgRAT
Score: 40
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 36
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Yara detected PureLog Stealer
Yara detected zgRAT
Modifies the windows firewall
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses netsh to modify the Windows network and firewall settings
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to many different domains
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Found URL in obfuscated visual basic script code
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Use Short Name Path in Command Line
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
zgRAT zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\ExecAction.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\FSE2.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\Brotli.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\uninst.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\dwebp.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\Zopfli.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\ForceCPU.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\TrustCert.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\EnableLoopback.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\JXR2PNG.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\makecert.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\PngDistill.exe Jump to behavior
Source: about:srcdoc HTTP Parser: No favicon
Source: about:srcdoc HTTP Parser: No favicon
Source: https://td.doubleclick.net/td/rul/975652292?random=1713914991222&cv=11&fst=1713914991222&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&ct_cookie_present=0 HTTP Parser: No favicon
Source: https://td.doubleclick.net/td/rul/975652292?random=1713914999207&cv=11&fst=1713914999207&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&ct_cookie_present=0 HTTP Parser: No favicon
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Fiddler.exe Jump to behavior

Compliance
barindex
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\ExecAction.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\FSE2.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\Brotli.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\uninst.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\dwebp.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\Zopfli.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\ForceCPU.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\TrustCert.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\EnableLoopback.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\JXR2PNG.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\makecert.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\PngDistill.exe Jump to behavior
Uses 32bit PE files
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fiddler2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SetupHelper.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\license.txt Jump to behavior
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 23.1.102.27:443 -> 192.168.2.7:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.1.102.27:443 -> 192.168.2.7:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:49958 version: TLS 1.2
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: Extract: Fiddler.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\GitHub\fiddler\Fiddler2\Common\ExecAction\v4\obj\x86\Release\ExecAction.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\RulesTab2\obj\Release Signed\RulesTab2.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: SimpleFilter.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\SimpleFilter\obj\Release Signed\SimpleFilter.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Data.SqlXml.ni.pdb source: System.Data.SqlXml.dll.29.dr
Source: Binary string: C:\Jenkins\NetworkConnections_Release\workspace\src\Telerik.NetworkConnections\Telerik.NetworkConnections.Windows\obj\Release\net40\Telerik.NetworkConnections.Windows.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Jenkins\NetworkConnections_Release\workspace\src\Telerik.NetworkConnections\Telerik.NetworkConnections\obj\Release\net40\Telerik.NetworkConnections.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr
Source: Binary string: \ScriptEditorFSE2.exe.configBasicFormats.dllBasicFormats.pdbVSWebTestExport.dllVSWebTestExport.pdbWarning: Failed to write one or more files. source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: BasicFormats.pdbu source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Drawing.Design.ni.pdb source: System.Drawing.Design.dll.42.dr
Source: Binary string: Extract: EnableLoopback.pdb2A source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: F:\Projects\Dot.NET\SVN\Editor.NET\source\obj\Release\QWhale.Syntax.Schemes.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Schemes.dll.3.dr
Source: Binary string: ler\Analytics.pdb\*.* source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\telerik\fiddler\ThirdParty\zopfli\Release\Zopfli.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: F:\Projects\Dot.NET\SVN\Editor.NET\source\obj\Release\QWhale.Syntax.Parsers.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Parsers.dll0.3.dr
Source: Binary string: \??\C:\Users\user\AppData\Local\Programs\Fiddler\ImportExport\VSWebTestExport.pdb\*.* source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Numerics.ni.pdb source: System.Numerics.dll.75.dr
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\PngDistill\obj\Release Signed\PngDistill.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\EnableLoopback\obj\Release Signed\EnableLoopback.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, EnableLoopback.exe.72.dr
Source: Binary string: System.Deployment.ni.pdb source: System.Deployment.dll.31.dr
Source: Binary string: \Tools\PngDistill.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: System.Runtime.Serialization.Formatters.Soap.ni.pdbRSDS source: System.Runtime.Serialization.Formatters.Soap.dll.77.dr
Source: Binary string: Extract: FiddlerOrchestra.Addon.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \ScriptEditor\Analytics.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: System.Runtime.Caching.ni.pdbRSDS source: System.Runtime.Caching.dll.37.dr
Source: Binary string: \ImportExport\VSWebTestExport.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: \UpdateFiddler.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: \ImportExport\BasicFormats.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: \Scripts\FiddlerOrchestra.Addon.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: -: Completederik Fiddler Classicemp\nsx8D7.tmp\System.dll, 0) .r9lerxport.pdb\*.**.*kConnections.Windows.dll\*.*" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler" source: FiddlerSetup.exe, 00000003.00000002.2524271016.0000000000427000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: Extract: TrustCert.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: Timeline.pdbI source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Local\.dll.pdb source: System.Web.dll.35.dr
Source: Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: PngDistill.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JenkinsHome\jobs\AnalyticsReleaseBuild\workspace\Telerik.FJ.Analytics\GA.Analytics.Monitor\obj\Release\GA.Analytics.Monitor.pdbg source: GA.Analytics.Monitor.dll0.3.dr
Source: Binary string: System.ServiceModel.Internals.ni.pdbRSDS source: System.ServiceModel.Internals.dll.46.dr
Source: Binary string: System.Numerics.ni.pdbRSDSautg source: System.Numerics.dll.75.dr
Source: Binary string: *?|<>/":%s%S.dllCallers\user~1\AppData\Local\Temp\nsx8D7.tmp\System.dllort\VSWebTestExport.pdb\*.**.*kConnections.Windows.dll\*.*C:\Users\user~1\AppData\Local\Temp\nsx8D7.tmp\System.dll2t\VSWebTestExport.pdbdlltworkConnections.Windows.dllFalsers\user~1\AppData\Local\Temp\nsx8D7.tmpr/tasks/configurefiddler.exe"ppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"Trueers\user~1\AppData\Local\Temp\nsx8D7.tmp\System.dlltor\FSE2.exe source: FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: Qcddler.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Drawing.Design.pdb source: System.Drawing.Design.dll.42.dr
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\Timeline\obj\Release Signed\Timeline.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, Timeline.dll.3.dr
Source: Binary string: FiddlerOrchestra.Protocol.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp, FiddlerOrchestra.Protocol.dll.3.dr
Source: Binary string: System.Numerics.pdb source: System.Numerics.dll.75.dr
Source: Binary string: SWebTestExport.pdbllx source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000064A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\BasicFormats\obj\Release Signed\BasicFormats.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: FiddlerOrchestra.Protocol.pdbSHA256q source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp, FiddlerOrchestra.Protocol.dll.3.dr
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler\FiddlerOrchestra\FiddlerOrchestra.Addon\obj\Release\FiddlerOrchestra.Addon.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: EnableLoopback.ni.pdbRSDS source: EnableLoopback.exe.72.dr
Source: Binary string: System.ServiceModel.Internals.pdb source: System.ServiceModel.Internals.dll.46.dr
Source: Binary string: \Analytics.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: System.Data.SqlXml.ni.pdbRSDS2 source: System.Data.SqlXml.dll.29.dr
Source: Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\net45\Newtonsoft.Json.pdb source: Newtonsoft.Json.dll.3.dr
Source: Binary string: System.EnterpriseServices.Wrapper.ni.pdb source: System.EnterpriseServices.Wrapper.dll.36.dr
Source: Binary string: Extract: Analytics.pdbb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Caching.pdb source: System.Runtime.Caching.dll.37.dr
Source: Binary string: \Scripts\Timeline.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: System.ServiceModel.Internals.ni.pdb source: System.ServiceModel.Internals.dll.46.dr
Source: Binary string: \ScriptEditor\GA.Analytics.Monitor.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: F:\Projects\Dot.NET\SVN\Editor.NET\source\obj\Release\QWhale.Syntax.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.dll.3.dr
Source: Binary string: Extract: Analytics.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Fiddler.pdb source: Fiddler.exe.3.dr
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\VSWebTestExport\obj\Release Signed\VSWebTestExport.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.EnterpriseServices.Wrapper.ni.pdbRSDS source: System.EnterpriseServices.Wrapper.dll.36.dr
Source: Binary string: \GA.Analytics.Monitor.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: F:\Projects\Dot.NET\SVN\Editor.NET\source\obj\Release\QWhale.Editor.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, QWhale.Editor.dll1.3.dr
Source: Binary string: \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003port\VSWebTestExport.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Programs\Fiddler\ImportExport\VSWebTestExport.pdb\*.*Ii source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.EnterpriseServices.Wrapper.pdb source: System.EnterpriseServices.Wrapper.dll.36.dr
Source: Binary string: \Fiddler.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: Would you like to go download manually now?https://fiddler2.com/r/?GetDotNet4open https://fiddler2.com/r/?GetDotNet4Compatible .NET Framework/Service Pack found.Installing Progress Telerik Fiddler Classic2500Fiddler.exe.configFiddler.pdbSetupHelperTrustCert.exeTrustCert.pdbInstalling Dependencies... source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \EnableLoopback.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: FiddlerOrchestra.Connection.pdbSHA256' source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \TrustCert.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: C:\JenkinsHome\jobs\AnalyticsReleaseBuild\workspace\Telerik.FJ.Analytics\GA.Analytics.Monitor\obj\Release\GA.Analytics.Monitor.pdb source: GA.Analytics.Monitor.dll0.3.dr
Source: Binary string: \Inspectors\Be.Windows.Forms.HexBox.dllAnalytics.dllAnalytics.pdbGA.Analytics.Monitor.dllGA.Analytics.Monitor.pdbNewtonsoft.Json.dllDotNetZip.dll source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Deployment.ni.pdbRSDS source: System.Deployment.dll.31.dr
Source: Binary string: F:\Projects\Dot.NET\SVN\Editor.NET\source\obj\Release\QWhale.Common.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, QWhale.Common.dll.3.dr, QWhale.Common.dll0.3.dr
Source: Binary string: EnableLoopback.ni.pdb source: EnableLoopback.exe.72.dr
Source: Binary string: FiddlerOrchestra.Utilities.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp, FiddlerOrchestra.Utilities.dll.3.dr
Source: Binary string: System.Deployment.pdb source: System.Deployment.dll.31.dr
Source: Binary string: EnableLoopback.exeEnableLoopback.pdbApp.icoCountdown.wavLoadScript.wavLoadScriptError.wavNOTICES.txtScreenshot.wavcredits.txtsaz.ico source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: GA.Analytics.Monitor.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Serialization.Formatters.Soap.pdb source: System.Runtime.Serialization.Formatters.Soap.dll.77.dr
Source: Binary string: System.Drawing.Design.ni.pdbRSDS source: System.Drawing.Design.dll.42.dr
Source: Binary string: MakeCert.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\src\JPEGXR2PNG\JPEGXR2PNG\obj\Release\JXR2PNG.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr
Source: Binary string: FiddlerOrchestra.Connection.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Data.SqlXml.pdb source: System.Data.SqlXml.dll.29.dr
Source: Binary string: \ToolsPngDistill.exePngDistill.pdbInstalling FiddlerExtensions...SimpleFilter.dllSimpleFilter.pdbTimeline.dllTimeline.pdbRulesTab2.dllQWhale.Syntax.Parsers.dllInstalling Fiddler Orchestra addon...FiddlerOrchestra.Addon.dllFiddlerOrchestra.Addon.pdbFiddlerOrchestra.Connection.dllFiddlerOrchestra.Protocol.dllFiddlerOrchestra.Utilities.dllnetstandard.dll source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Caching.ni.pdb source: System.Runtime.Caching.dll.37.dr
Source: Binary string: Extract: VSWebTestExport.pdb1 source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \Scripts\SimpleFilter.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: FiddlerOrchestra.Utilities.pdbSHA256 source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp, FiddlerOrchestra.Utilities.dll.3.dr
Source: Binary string: System.Runtime.Serialization.Formatters.Soap.ni.pdb source: System.Runtime.Serialization.Formatters.Soap.dll.77.dr
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\BasicFormats\obj\Release Signed\BasicFormats.pdbl source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\GA.Analytics.Monitor.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\Fiddler.SetupHelper\obj\Release Signed\Fiddler.SetupHelper.pdb source: SetupHelper, 00000013.00000000.1360771425.0000000000772000.00000002.00000001.01000000.0000000A.sdmp, SetupHelper.3.dr
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_0040687E FindFirstFileW,FindClose, 1_2_0040687E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_00405C2D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 1_2_00405C2D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_00402910 FindFirstFileW, 1_2_00402910
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Code function: 3_2_00402910 FindFirstFileW, 3_2_00402910
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Code function: 3_2_004069DF FindFirstFileW,FindClose, 3_2_004069DF
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Code function: 3_2_00405D8E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 3_2_00405D8E
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user\AppData\Local\Programs\Fiddler Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user\AppData Jump to behavior

Networking
barindex
Yara detected Generic Downloader
Source: Yara match File source: 3.2.FiddlerSetup.exe.2ccf202.15.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.FiddlerSetup.exe.2af94ae.11.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.FiddlerSetup.exe.2adb956.10.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\netstandard.dll, type: DROPPED
Connects to many different domains
Source: unknown Network traffic detected: DNS query count 42
Found URL in obfuscated visual basic script code
Source: QWhale.Syntax.Parsers.dll0.3.dr Binary string: http://www.microsoft.com/downloads/details.aspx?familyide5b8ebc2-6ad6-49f0-8c90-e4f763e3f04famp;displaylangen - obfuscation quality: 4
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 18.65.25.57 18.65.25.57
Source: Joe Sandbox View IP Address: 104.18.32.137 104.18.32.137
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.102.27
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: global traffic HTTP traffic detected: GET /download/fiddler/first-run HTTP/1.1Host: www.telerik.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /WebResource.axd?d=DzHrpQl5URXarFHAtrmzFsPwWIExaUeLHf3gTuslFxiRsjc9gU89IWbLw9lFnSTXl5qZVz-0iBHHB3aQBiGWPYzKfk3ndhT8iH1RSf_M6Sk7X3EWbQzPMVpb-rxAUHFQlncyLjOo3RP6E9HfRXn18roSCYCGCRaVqv9jyNWgJTH95Urh0&t=638477158040000000 HTTP/1.1Host: www.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /WebResource.axd?d=HtQyXelCu6mzSPcVcvK_BiMPfgaXcXtBpU_p4oPRWdaaTkgqeBOpXuu1TRv9pAGD-FAzjGGeBeqirrj8SJpv3YU7eO6rv9kziBqvktqcdZzC15nZHrag4kg_mMMtSYLloBTL1HIRNuD4Iepyub_zCpOjm9RyH4DXkI1YDpCN_mnfRNsYUjpSNKzgKVak4AN3FQYzZOcP1Z4PmfVVfM_48qg3YrI1&t=638477158040000000 HTTP/1.1Host: www.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /WebResource.axd?d=wnB2OjhYopty-dCFa4b2kKCIWGgLoaj0QQ4I7F_PiSysmtqnVBUtsGpmlAymZDgXEXdRjhe5BdfNkuyybLSHMhRnbzI9oh6WXC-y-EwOrJPY0qCvfWaOo0ltV4TVm8apzRlzF5O244Y4u7-m5V8Vv2yC1Tun7PurVRoOxfv28sPwY-isOJNAi7MSqc1tycGYAkqZXHU_zlVNorSTBDv4W4jemDM1&t=638477158040000000 HTTP/1.1Host: www.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /consent/3dfce4f2-dab6-4128-9f33-df7e0597da82/otSDKStub.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /WebResource.axd?d=NjxTqR2bqTw1rewxxlkHPoKtHrXAWC0HAaoiA_KkRcUyXkV02CSw2viy3BbwqQQWnOeUM4JljOrJ6SdN8P6xkcmc02D5IE0_hoR3ujKOHMUMV0D80Ax-2HQgUBn3JFGVcQMIptO-sbrJg4UhPcfKleFkBd3KXta5g771qRLz1--cqQWHZet4VERXE7zwP_V-_reX4bmQVhWS6yxLXOsj2Tnqll01&t=638477158040000000 HTTP/1.1Host: www.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fonts/2.2.7/metric/Metric-Light.woff2 HTTP/1.1Host: d6vtbcy3ong79.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.telerik.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fonts/2.2.7/metric/Metric-Medium.woff2 HTTP/1.1Host: d6vtbcy3ong79.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.telerik.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/jquery-migrate/3.4.1/jquery-migrate.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fonts/2.2.7/metric/Metric-Regular.woff2 HTTP/1.1Host: d6vtbcy3ong79.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.telerik.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cache/b6ce06a57a51347c21d7af30873baa8620408fd6/telerik/css/style.css HTTP/1.1Host: dtzbdy9anri2p.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fonts/2.2.7/metric/Metric-Semibold.woff2 HTTP/1.1Host: d6vtbcy3ong79.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.telerik.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /telerik-navigation/3.5.25/js/index.min.mjs HTTP/1.1Host: d6vtbcy3ong79.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.telerik.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fonts/2.2.7/css/metric.min.css HTTP/1.1Host: d6vtbcy3ong79.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /telerik-navigation/3.5.25/css/index.min.css HTTP/1.1Host: d6vtbcy3ong79.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cache/b3485d7dde1ec57a3915d1079237c8c34a5198c1/telerik/js/dist/polyfills.min.js HTTP/1.1Host: dtzbdy9anri2p.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cache/4666b7b10226b39c77768062c69b31c53897f9d3/telerik/js/dist/all.min.js HTTP/1.1Host: dtzbdy9anri2p.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /consent/3dfce4f2-dab6-4128-9f33-df7e0597da82/3dfce4f2-dab6-4128-9f33-df7e0597da82.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.telerik.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /webapi/Announcements/GetPromo?url=https://www.telerik.com/download/fiddler/first-run HTTP/1.1Host: www.telerik.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sdk/sitefinity-insight-client.min.3.1.13.js HTTP/1.1Host: cdn.insight.sitefinity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.telerik.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cache/b6ce06a57a51347c21d7af30873baa8620408fd6/telerik/iconfont/tlrk-icon-font-dc6cff9dd8.woff2 HTTP/1.1Host: dtzbdy9anri2p.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.telerik.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://dtzbdy9anri2p.cloudfront.net/cache/b6ce06a57a51347c21d7af30873baa8620408fd6/telerik/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Frontend-Assembly/Web.SitefinityExtensions.EloquaConnector/Scripts/BrowserSessionStorage.min.js?package=PureMvc&v=Q2NzWmRUZmg5UHpIS3RyRDhtYkJmUT09 HTTP/1.1Host: d585tldpucybw.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Frontend-Assembly/Web.SitefinityExtensions.EloquaConnector/Scripts/SetBrowserSessionStorage.min.js?package=PureMvc&v=ZGx1bUU2RnZ6Tmd0d21DTm10M2ZHUT09) HTTP/1.1Host: d585tldpucybw.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /RestApi/personalizations/render?pageNodeId=5ceb4be1-05bd-4c69-892a-2c2bbd37538b&pageDataId=1f960fad-aef2-4475-8978-52fb7a29dbc9&pageNodeKey=5CEB4BE1-05BD-4C69-892A-2C2BBD37538B/b31ca85c-a1c5-4a9d-8b5d-e7b0736a8b16/SitefinitySiteMap&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&controls=09f9bb4f-5990-40af-b361-7849c73c9604_1,0cd3f511-e7d9-4e23-8773-26005ae09893_1,25637a62-a321-49a0-8b7e-5962dc977e95_1,6b5ac4dc-8fd0-4043-bd0a-e9ffd31e3bc8_1&correlationId=lvd0q0oezinv502q4f HTTP/1.1Host: www.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0SF_NO_URL_REFERER: trueUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-type: application/json; charset=utf-8Accept: application/jsonX-Requested-With: XMLHttpRequestsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.telerik.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/202401.2.0/otBannerSdk.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sfimages/default-source/productsimages/kendo-ui-complete/kendoka_icon.png?sfvrsn=922435fb_2 HTTP/1.1Host: www.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c/hotjar-66905.js?sv=7 HTTP/1.1Host: static.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sxp/i/940047942047f9f048d2c1e1f6b78492.js HTTP/1.1Host: euob.ytwohlcq.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2
Source: global traffic HTTP traffic detected: GET /consent/3dfce4f2-dab6-4128-9f33-df7e0597da82/8b69118b-3606-49f3-8c41-2718141b484d/en.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.telerik.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /web-vitals/dist/web-vitals.iife.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /web-vitals@3.5.2/dist/web-vitals.iife.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/202401.2.0/assets/otFlat.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.telerik.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/202401.2.0/assets/otCommonStyles.css HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.telerik.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /modules.588629dd3c10b20ab52d.js HTTP/1.1Host: script.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /visitor/v200/svrGP?pps=3&siteid=1325&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref2=elqNone&tzo=-60&ms=762&optin=disabled HTTP/1.1Host: s1325.t.eloqua.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /td/ga/rul?tid=G-9JSNBCSF54&gacid=925834404.1713914987&gtm=45je44m0v9167661709z8536291za200&dma=0&gcs=G111&gcd=13v3v3v3v5&npa=0&pscdl=noapi&aip=1&fledge=1&z=1283479480 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /visitor/v200/svrGP.aspx?pps=3&siteid=1325&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref2=elqNone&tzo=-60&ms=762&optin=disabled&elqCookie=1 HTTP/1.1Host: s1325.t.eloqua.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ELOQUA=GUID=A19FC9146C534783A26EBA38F50B2A88; ELQSTATUS=OK
Source: global traffic HTTP traffic detected: GET /external-assets/1.0.22/utils/store-lead-data.min.js HTTP/1.1Host: d6vtbcy3ong79.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-111455-1&cid=925834404.1713914987&jid=1541579741&_u=aGBAiEABBAAAAGAFKC~&z=803182535 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-111455-74&cid=925834404.1713914987&jid=629508174&_u=aGDAiEABBAAAAGAFKC~&z=33840365 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ki.js/24100/4Nr.js HTTP/1.1Host: cl.qualaroo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /ct?id=37678&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&sf=0&tpi=&ch=Telerik&uvid=&tsf=0&tsfmi=&tsfu=&cb=1713914987738&hl=1&op=0&ag=300509663&rand=949911591996670929250675522207660181220029557281702027707682202129158111898882021890&fs=1034x870&fst=1034x870&np=win32&nv=google%20inc.&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDEyMTddLFsiYm5jaCIsNV0sWyJhYm5jaCIsNV0sWy0xNSwiLSJdLFstMzQsIi0iXSxbLTUyLCItIl0sWy0yNywiWzQwMCwxLjUsMCxcIjNnXCIsbnVsbF0iXSxbLTEyLCJudWxsIl0sWy0yMSwiLSJdLFstMTgsIlswLDAsMCwxXSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiZ29vZ2xlIGluYy4gKGdvb2dsZSlcIixcInJcIjpcImFuZ2xlIChnb29nbGUsIHZ1bGthbiAxLjMuMCAoc3dpZnRzaGFkZXIgZGV2aWNlIChzdWJ6ZXJvKSAoMHgwMDAwYzBkZSkpLCBzd2lmdHNoYWRlciBkcml2ZXIpXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wIChvcGVuZ2wgZXMgZ2xzbCBlcyAxLjAgY2hyb21pdW0pXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjAgKG9wZW5nbCBlcyAyLjAgY2hyb21pdW0pXCIsXCJndmVuXCI6XCJ3ZWJraXRcIixcImJlblwiOjE0LFwid2dsXCI6MSxcImdyZW5cIjpcIndlYmtpdCB3ZWJnbFwiLFwic2VmXCI6MzY5ODUxODcxMCxcInNlY1wiOlwiXCJ9Il0sWy00MiwiMTcyNDI5NzY1MyJdLFstMzUsIlsxNzEzOTE0OTg3NDE2LC0yXSJdLFstMjgsImVuLVVTLGVuIl0sWy0xMywiLSJdLFstMjUsIi0iXSxbLTY2LCJnZW9sb2NhdGlvbixzdG9yYWdlYWNjZXNzLGdhbWVwYWQsY2hlY3QsbWlkaSxkaXNwbGF5Y2FwdHVyZSx1c2IsYnJvd3Npbmd0b3BpY3MsbG9jYWxmb250cyxwaWN0dXJlaW5waWN0dXJlLGpvaW5hZGludGVyZXN0Z3JvdXAscHVibGlja2V5Y3JlZGVudGlhbHNnZXQsb3RwY3JlZGVudGlhbHMsY2h1YWZvcm1mYWN0b3IsZW5jcnlwdGVkbWVkaWEsY2hzYXZlZGF0YSxjaHVhZnVsbHZlcnNpb25saXN0LGNodWF3b3c2NCxzaGFyZWRzdG9yYWdlLGNoZG93bmxpbmssY2hwcmVmZXJzY29sb3JzY2hlbWUsc3luY3hocixjaHVhbW9kZWwsc2VyaWFsLGNhbWVyYSxjaHByZWZlcnNyZWR1Y2VkbW90aW9uLHByaXZhdGVzdGF0ZXRva2VuaXNzdWFuY2UsYmx1ZXRvb3RoLGlkZW50aXR5Y3JlZGVudGlhbHNnZXQsY2h1YWZ1bGx2ZXJzaW9uLGZ1bGxzY3JlZW4sY2hkcHIsdW5sb2FkLGtleWJvYXJkbWFwLGNodWFwbGF0Zm9ybSxzaGFyZWRzdG9yYWdlc2VsZWN0dXJsLGd5cm9zY29wZSxpbnRlcmVzdGNvaG9ydCx3aW5kb3dwbGFjZW1lbnQsY2h1YW1vYmlsZSxjaHVhLHJ1bmFkYXVjdGlvbixtYWduZXRvbWV0ZXIsYWNjZWxlcm9tZXRlcixwcml2YXRlc3RhdGV0b2tlbnJlZGVtcHRpb24sY2h1YWFyY2gseHJzcGF0aWFsdHJhY2tpbmcsaWRsZWRldGVjdGlvbixjaHVhcGxhdGZvcm12ZXJzaW9uLGNod2lkdGgsY2xpcGJvYXJkcmVhZCxjaHZpZXdwb3J0d2lkdGgscGF5bWVudCxjaHZpZXdwb3J0aGVpZ2h0LGNocnR0LGF1dG9wbGF5LGNyb3Nzb3JpZ2luaXNvbGF0ZWQsaGlkLGNodWFiaXRuZXNzLHNjcmVlbndha2Vsb2NrLHByaXZhdGVhZ2dyZWdhdGlvbixjbGlwYm9hcmR3cml0ZSxhdHRyaWJ1dGlvbnJlcG9ydGluZyxjaGRldmljZW1lbW9yeSxtaWNyb3Bob25lIl0sWy0yMywiKyJdLFstNTAsIi0iXSxbLTQ3LCJFdXJvcGUvWnVyaWNoLGVuLVVTLGxhdG4sZ3JlZ29yeSJdLFstMjksIi0iXSxbLTMsIltcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIl0iXSxbLTYsIi0iXSxbLTEwLCItIl0sWy0yNiwie1widGpoc1wiOjE0MzQ3NTY3LFwidWpoc1wiOjEwNTQ3NDIzLFwiamhzbFwiOjIxNzI2NDk0NzJ9Il0sWy0zNywiLTEwOS02Ni03MC0iXSxbLTksIisiXSxbLTIwLCI5MjU4MzQ0MDQuMTcxMzkxNDk4NyJdLFstMzksIltcIjIwMDMwMTA3XCIsMixcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLG51bGwsbnVsbCx0cnVlLDgsZmFsc2UsbnVsbCw1LHRydWUsdHJ1ZSxudWxsLDAsdHJ1ZSx0cnVlXSJdLFstNDksIi0iXSxbLTYwLCItIl0sWy0zMiwiLSJdLFstNDUsIi0iXSxbLTYxLCJ7XCJ3Z3N
Source: global traffic HTTP traffic detected: GET /visitor/v200/svrGP?pps=70&siteid=1325 HTTP/1.1Host: s1325.t.eloqua.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ELOQUA=GUID=A19FC9146C534783A26EBA38F50B2A88; ELQSTATUS=OK
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dswWbrh3M+huW3O&MD=8amD1xGW HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /pagead/landing?gcs=G111&gcd=13v3v3v3v5&rnd=71549082.1713914988&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&dma=0&npa=0&gtm=45je44m0v9167661709z8536291za200&auid=571138784.1713914988 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /td/rul/975652292?random=1713914991222&cv=11&fst=1713914991222&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&ct_cookie_present=0 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/viewthroughconversion/975652292/?label=p4zxCNq_8IkYEMSLndED&guid=ON&script=0&ct_cookie_present=false&random=410509906&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQIiAQFAAQ&pscrd=CLnc9JHh-P76OCITCIaknPO-2YUDFcT8_QUdYDUDfjICCAMyAggEMgIIBzICCAgyAggJMgIICjICCAIyAggLOhhodHRwczovL3d3dy50ZWxlcmlrLmNvbS8 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUkWuMucKmweOSwmj7RW92pz4PKO8842RtsIxN0p7KUWBRm2nELl74IoNpUN
Source: global traffic HTTP traffic detected: GET /signals/config/1444093252502226?v=2.9.154&r=stable&domain=www.telerik.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105 HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126bedce34ee4e839f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5d168b6a2f17071a10acf9f29f674d8b83d8022b3648fa2c2157826adf61950c655021c604030a35555997b7624f77be26bb25cb43e2923ef44c6eaa132c7a14c450ea54e285929c68f37950aa2084ba5f7ff35b7b1a2d18c8c9077af562b7818fbd1910fa0a9fc95df820da75c45b956279f02b01f2040e0228d2595fe69fe0a100ba2f965f980cf64d766dbad1276140023df819958d45a95f60e8e4e47116253bc6f57662d4dd09012b4576190bb98e32606d64f5ac183bd5b4f02d97fe58740f30b9e4f0d58a7dacd5880bbf51ca5c6b369cbcc8bcf630c48db3639e335bd8f9cb284c1fa3616daa820876b08de97e8a03fa42ae965d8013d9c56d9c7c71d6da2dc77ad795afedcbbabf4c68af74a8e8a5744e60e3943dcceb13e75a1058830906d092cecccaec9426873ac792f5c638e87b3b6cd7366b8493925f2adca82bf853b5c11fd837ae3d1a0b63fd76f14ddc87f62cf6c72fc45cbfd9929b77895d437ded59041326093e89ec62be058c8cb123ab9975f6996c94c2e5fd6984b5e4496d7384a90604d7f7471a07f7cdec3ff164de9308fdea3cbb7ea5399657d014d3b63dc01b24edaf966f3738721f385d0e64f6b8d932967be357445134eaa85d9dc40a0695b9dfbabc6cdeece4fc84f0b3f04b4f3ffb5b87b6596d855f6607ca605b7570eb7daf7674def99526d334c52f99aa32ccbf0c9a720e25290a7b0dd884998d5a3c0df3111e90d58de2d68041198cf3f824c2dd7969d9cc133b68fa98d85228bf209b1fe873aa4bce72a4ba14acba6e93efedc0845526aab96f718864a793b1ac179f6535120c9c6f5d30cad23be79a628bf9c69020ce8e86641c2b55fc7dfd17a03edf9d7bd4761a334b3a616db50bcad04f0aea3e84feaa6bbb9a1ad52b2dbd1b7e308dbc844848e470f58e10da1b234017ed292683b3c52896027c888f10bdcd9da2c250d05d49304ab12474409691104ee57fb4ab833f85d0f01c023ff128320204d30501a58be41916947e638ad4fe01bb88e59c027be467a90d3c07900d7632&cri=aUHD7PzVvl&ts=3552&cb=1713914991290 HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _ga=GA1.1.925834404.1713914987; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A49+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=0&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&gr
Source: global traffic HTTP traffic detected: GET /pagead/viewthroughconversion/975652292/?random=1608824865&cv=11&fst=1713914991222&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIImMGxAiIBAUABSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZWIECgICAw&pscrd=CM734vW9jPGD2wEiEwiYjafzvtmFAxXI27gIHex4DsMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzoYaHR0cHM6Ly93d3cudGVsZXJpay5jb20v HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUkWuMucKmweOSwmj7RW92pz4PKO8842RtsIxN0p7KUWBRm2nELl74IoNpUN
Source: global traffic HTTP traffic detected: GET /pagead/1p-conversion/975652292/?label=p4zxCNq_8IkYEMSLndED&guid=ON&script=0&ct_cookie_present=false&random=410509906&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQIiAQFAAQ&pscrd=CLnc9JHh-P76OCITCIaknPO-2YUDFcT8_QUdYDUDfjICCAMyAggEMgIIBzICCAgyAggJMgIICjICCAIyAggLOhhodHRwczovL3d3dy50ZWxlcmlrLmNvbS8&is_vtc=1&cid=CAQSKQB7FLtqm_2Y7mhgr_4TT706Z25qzJIIuEtEWsQVeg8mFAIyjSrn8yEj&random=4068442111 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tag/uet/223000243 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/1p-conversion/975652292/?random=1608824865&cv=11&fst=1713914991222&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIImMGxAiIBAUABSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZWIECgICAw&pscrd=CM734vW9jPGD2wEiEwiYjafzvtmFAxXI27gIHex4DsMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzoYaHR0cHM6Ly93d3cudGVsZXJpay5jb20v&is_vtc=1&cid=CAQSKQB7FLtqTO4M5I36ifJXChJVuy-H36QKhxR0sa1VYuN8TZngHcOzzy-1&random=1494915262 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s/0.7.31/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=2a63f70e8ac245f79a80d75f53b3453d.20240423.20250423
Source: global traffic HTTP traffic detected: GET /tr/?id=1444093252502226&ev=CHEQ&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=&if=false&ts=1713914994454&sw=1280&sh=1024&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1713914994453.110516813&ler=empty&cdl=API_unavailable&it=1713914993541&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=1444093252502226&ev=CHEQ&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=&if=false&ts=1713914994454&sw=1280&sh=1024&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1713914994453.110516813&ler=empty&cdl=API_unavailable&it=1713914993541&coo=false&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAttribution-Reporting-Eligible: event-source, trigger=navigation-sourceReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /download/fiddler/first-run HTTP/1.1Host: www.telerik.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _ga=GA1.1.925834404.1713914987; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-tracking-consent=true; sf-prs-ss=638495117894670000; sf-prs-lu=https://www.telerik.com/download/fiddler/first-run; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; sf-ins-pv-id=9e7d323c-2538-449c-935b-bc72383359ee; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjpmYWxzZX0=; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _cq_pxg=3|594323327|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.0.1713914991.56.0.0; elqUserId=a19fc914-6c53-4783-a26e-ba38f50b2a88; _uetsid=62ec1d5001c911ef8802d7a3fb1ea1ce; _uetvid=62ec671001c911ef89dd470cec5d38bd; _fbp=fb.1.1713914994453.110516813; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A55+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; ki_t=1713914995146%3B1713914995146%3B1713914995146%3B1%3B1; ki_r=
Source: global traffic HTTP traffic detected: GET /td/ga/rul?tid=G-9JSNBCSF54&gacid=925834404.1713914987&gtm=45je44m0v9167661709z8536291za200&dma=0&gcs=G111&gcd=13v3v3v3v5&npa=0&pscdl=noapi&aip=1&fledge=1&z=1283479480 HTTP/1.1Host: td.doubleclick.netConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://td.doubleclick.net/td/ga/rul?tid=G-9JSNBCSF54&gacid=925834404.1713914987&gtm=45je44m0v9167661709z8536291za200&dma=0&gcs=G111&gcd=13v3v3v3v5&npa=0&pscdl=noapi&aip=1&fledge=1&z=1283479480Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUkWuMucKmweOSwmj7RW92pz4PKO8842RtsIxN0p7KUWBRm2nELl74IoNpUN
Source: global traffic HTTP traffic detected: GET /frame.html HTTP/1.1Host: dntcl.qualaroo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tag/uet/223000243 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=2a63f70e8ac245f79a80d75f53b3453d.20240423.20250423
Source: global traffic HTTP traffic detected: GET /td/rul/975652292?random=1713914991222&cv=11&fst=1713914991222&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&ct_cookie_present=0 HTTP/1.1Host: td.doubleclick.netConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://td.doubleclick.net/td/rul/975652292?random=1713914991222&cv=11&fst=1713914991222&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&ct_cookie_present=0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUkWuMucKmweOSwmj7RW92pz4PKO8842RtsIxN0p7KUWBRm2nELl74IoNpUN
Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1Host: geo.qualaroo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/javascriptsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.telerik.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tr/?id=1444093252502226&ev=CHEQ&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=&if=false&ts=1713914994454&sw=1280&sh=1024&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1713914994453.110516813&ler=empty&cdl=API_unavailable&it=1713914993541&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=1444093252502226&ev=CHEQ&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=&if=false&ts=1713914994454&sw=1280&sh=1024&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1713914994453.110516813&ler=empty&cdl=API_unavailable&it=1713914993541&coo=false&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /webapi/Announcements/GetPromo?url=https://www.telerik.com/download/fiddler/first-run HTTP/1.1Host: www.telerik.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _ga=GA1.1.925834404.1713914987; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-tracking-consent=true; sf-prs-ss=638495117894670000; sf-prs-lu=https://www.telerik.com/download/fiddler/first-run; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjpmYWxzZX0=; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _cq_pxg=3|594323327|975652292|event=conversion; elqUserId=a19fc914-6c53-4783-a26e-ba38f50b2a88; _uetsid=62ec1d5001c911ef8802d7a3fb1ea1ce; _uetvid=62ec671001c911ef89dd470cec5d38bd; _fbp=fb.1.1713914994453.110516813; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A55+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; ki_t=1713914995146%3B1713914995146%3B1713914995146%3B1%3B1; ki_r=; _ga_9JSNBCSF54=GS1.1.1713914987.1.0.1713914996.51.0.0; sf-ins-pv-id=eef0eedd-b11e-465f-ae5a-179b4f5e0fb9
Source: global traffic HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _ga=GA1.1.925834404.1713914987; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjpmYWxzZX0=; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _cq_pxg=3|594323327|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.0.1713914991.56.0.0; _fbp=fb.1.1713914994453.110516813; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A55+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1
Source: global traffic HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.telerik.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /RestApi/personalizations/render?pageNodeId=5ceb4be1-05bd-4c69-892a-2c2bbd37538b&pageDataId=1f960fad-aef2-4475-8978-52fb7a29dbc9&pageNodeKey=5CEB4BE1-05BD-4C69-892A-2C2BBD37538B/b31ca85c-a1c5-4a9d-8b5d-e7b0736a8b16/SitefinitySiteMap&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&controls=09f9bb4f-5990-40af-b361-7849c73c9604_1,0cd3f511-e7d9-4e23-8773-26005ae09893_1,25637a62-a321-49a0-8b7e-5962dc977e95_1,6b5ac4dc-8fd0-4043-bd0a-e9ffd31e3bc8_1&correlationId=lvd0qj2kn097okrw3nn HTTP/1.1Host: www.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-type: application/json; charset=utf-8Accept: application/jsonSF_URL_REFERER: https://www.telerik.com/download/fiddler/first-runX-Requested-With: XMLHttpRequestsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _ga=GA1.1.925834404.1713914987; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-tracking-consent=true; sf-prs-ss=638495117894670000; sf-prs-lu=https://www.telerik.com/download/fiddler/first-run; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjpmYWxzZX0=; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _cq_pxg=3|594323327|975652292|event=conversion; elqUserId=a19fc914-6c53-4783-a26e-ba38f50b2a88; _uetsid=62ec1d5001c911ef8802d7a3fb1ea1ce; _uetvid=62ec671001c911ef89dd470cec5d38bd; _fbp=fb.1.1713914994453.110516813; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A55+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; ki_t=1713914995146%3B1713914995146%3B1713914995146%3B1%3B1; ki_r=; _ga_9JSNBCSF54=GS1.1.1713914987.1.0.1713914996.51.0.0; sf-ins-pv-id=eef0eedd-b11e-465f-ae5a-179b4f5e0fb9
Source: global traffic HTTP traffic detected: GET /web-vitals/dist/web-vitals.iife.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ct?id=37678&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&sf=0&tpi=&ch=Telerik&uvid=&tsf=0&tsfmi=&tsfu=&cb=1713914997517&hl=1&op=0&ag=300509663&rand=039280971260119758819251020028629021601221976155020279621809222752118268259696351250&fs=1034x870&fst=1034x870&np=win32&nv=google%20inc.&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ss=1280x1024&nc=0&at=&di=W1siZWYiLDk1XSxbImJuY2giLDldLFsiYWJuY2giLDldLFstNTksImRlZmF1bHQiXSxbLTUsIi0iXSxbLTE5LCJbMTAsMTAsMTAsMTAsMCwwLDEsMjQsMjQsXCItXCIsMTI4MCw5ODQsMTI4MCwxMDI0LDEwNTAsOTY0LDEwMzQsODcwLDAsMCwwLDAsXCItXCIsXCItXCIsMTAxNyw4NzBdIl0sWy00NCwiMCwwLDAsNSJdLFstMjIsIltcInJcIixcInJcIl0iXSxbLTU3LCJXRTBaZUV0TFdFQVhUMXdaRVZGTlRVbEtBeFlXWEV4V1d4ZEFUVTVXVVZWYVNCZE5YRlZjUzFCU0YxcFdWQlpLUVVrV1VCWUFEUWtKRFE0QURRc0pEUTVmQUY4SkRRRmRDMW9JWEFoZkQxc09BUTBBQ3hkVFNnTUlBdzhPQ3dnSUVBPT0iXSxbLTY0LCJbMCxcIldpbmRvd3NcIixbe1wiYlwiOlwiR29vZ2xlIENocm9tZVwiLFwidlwiOlwiMTE3XCJ9LHtcImJcIjpcIk5vdDtBPUJyYW5kXCIsXCJ2XCI6XCI4XCJ9LHtcImJcIjpcIkNocm9taXVtXCIsXCJ2XCI6XCIxMTdcIn1dXSJdLFstNCwiLSJdLFstMTgsIlswLDAsMCwxXSJdLFstMzcsIi0xMDktNjYtNzAtIl0sWy0xMCwiLSJdLFstMjQsIltdIl0sWy01OCwiLSJdLFstMTUsIi0iXSxbLTUwLCItIl0sWy02NiwiZ2VvbG9jYXRpb24sc3RvcmFnZWFjY2VzcyxnYW1lcGFkLGNoZWN0LG1pZGksZGlzcGxheWNhcHR1cmUsdXNiLGJyb3dzaW5ndG9waWNzLGxvY2FsZm9udHMscGljdHVyZWlucGljdHVyZSxqb2luYWRpbnRlcmVzdGdyb3VwLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LG90cGNyZWRlbnRpYWxzLGNodWFmb3JtZmFjdG9yLGVuY3J5cHRlZG1lZGlhLGNoc2F2ZWRhdGEsY2h1YWZ1bGx2ZXJzaW9ubGlzdCxjaHVhd293NjQsc2hhcmVkc3RvcmFnZSxjaGRvd25saW5rLGNocHJlZmVyc2NvbG9yc2NoZW1lLHN5bmN4aHIsY2h1YW1vZGVsLHNlcmlhbCxjYW1lcmEsY2hwcmVmZXJzcmVkdWNlZG1vdGlvbixwcml2YXRlc3RhdGV0b2tlbmlzc3VhbmNlLGJsdWV0b290aCxpZGVudGl0eWNyZWRlbnRpYWxzZ2V0LGNodWFmdWxsdmVyc2lvbixmdWxsc2NyZWVuLGNoZHByLHVubG9hZCxrZXlib2FyZG1hcCxjaHVhcGxhdGZvcm0sc2hhcmVkc3RvcmFnZXNlbGVjdHVybCxneXJvc2NvcGUsaW50ZXJlc3Rjb2hvcnQsd2luZG93cGxhY2VtZW50LGNodWFtb2JpbGUsY2h1YSxydW5hZGF1Y3Rpb24sbWFnbmV0b21ldGVyLGFjY2VsZXJvbWV0ZXIscHJpdmF0ZXN0YXRldG9rZW5yZWRlbXB0aW9uLGNodWFhcmNoLHhyc3BhdGlhbHRyYWNraW5nLGlkbGVkZXRlY3Rpb24sY2h1YXBsYXRmb3JtdmVyc2lvbixjaHdpZHRoLGNsaXBib2FyZHJlYWQsY2h2aWV3cG9ydHdpZHRoLHBheW1lbnQsY2h2aWV3cG9ydGhlaWdodCxjaHJ0dCxhdXRvcGxheSxjcm9zc29yaWdpbmlzb2xhdGVkLGhpZCxjaHVhYml0bmVzcyxzY3JlZW53YWtlbG9jayxwcml2YXRlYWdncmVnYXRpb24sY2xpcGJvYXJkd3JpdGUsYXR0cmlidXRpb25yZXBvcnRpbmcsY2hkZXZpY2VtZW1vcnksbWljcm9waG9uZSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcIm9nOnRpdGxlXCIsXCJ0d2l0dGVyOnRpdGxlXCJdfSJdLFstMjMsIisiXSxbLTcsIi0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTM5LCJbXCIyMDAzMDEwN1wiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixudWxsLG51bGwsdHJ1ZSw4LGZhbHNlLG51bGwsNSx0cnVlLHRydWUsbnVsbCwwLHRydWUsdHJ1ZV0iXSxbLTQ1LCItIl0sWy0zMywiLSJdLFstNDcsIkV1cm9wZS9adXJpY2gsZW4tVVMsbGF0bixncmVnb3J5Il0sWy00OCwiMCwwIl0sWy00MSwiLSJdLFstMjAsIjkyNTgzNDQwNC4xNzEzOTE0OTg3Il0sWy0zMiwiLSJdLFstNDksIi0iXSxbLTEzLCItIl0sWy0yNywiWzQwMCwxLjUsMCxcIjNnXCIsbnVsbF0iXSxbLTY4LCItIl0sWy0xNiwiMCJdLFstMzYsIltcIjUvNFwiLFwiNS80XCJdIl0sWy0xNCwiLSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiZ29vZ
Source: global traffic HTTP traffic detected: GET /tag/uet/223000243 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=2a63f70e8ac245f79a80d75f53b3453d.20240423.20250423
Source: global traffic HTTP traffic detected: GET /browser-perf.8417c6bba72228fa2e29.js HTTP/1.1Host: script.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=1853818599.1713914998&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&dma=0&npa=0&gtm=45je44m0v9167661709z8536291za200&auid=571138784.1713914988 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUkWuMucKmweOSwmj7RW92pz4PKO8842RtsIxN0p7KUWBRm2nELl74IoNpUN
Source: global traffic HTTP traffic detected: GET /visitor/v200/svrGP?pps=3&siteid=1325&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref2=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tzo=-60&ms=36&optin=disabled HTTP/1.1Host: s1325.t.eloqua.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ELOQUA=GUID=A19FC9146C534783A26EBA38F50B2A88; ELQSTATUS=OK
Source: global traffic HTTP traffic detected: GET /td/rul/975652292?random=1713914999207&cv=11&fst=1713914999207&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&ct_cookie_present=0 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUkWuMucKmweOSwmj7RW92pz4PKO8842RtsIxN0p7KUWBRm2nELl74IoNpUN
Source: global traffic HTTP traffic detected: GET /s/0.7.31/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=2a63f70e8ac245f79a80d75f53b3453d.20240423.20250423
Source: global traffic HTTP traffic detected: GET /consent/3dfce4f2-dab6-4128-9f33-df7e0597da82/3dfce4f2-dab6-4128-9f33-df7e0597da82.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /consent/3dfce4f2-dab6-4128-9f33-df7e0597da82/8b69118b-3606-49f3-8c41-2718141b484d/en.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/202401.2.0/assets/otFlat.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/202401.2.0/assets/otCommonStyles.css HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1Host: geo.qualaroo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /webapi/Announcements/GetPromo?url=https://www.telerik.com/download/fiddler/first-run HTTP/1.1Host: www.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-tracking-consent=true; sf-prs-ss=638495117894670000; sf-prs-lu=https://www.telerik.com/download/fiddler/first-run; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; elqUserId=a19fc914-6c53-4783-a26e-ba38f50b2a88; _uetsid=62ec1d5001c911ef8802d7a3fb1ea1ce; _uetvid=62ec671001c911ef89dd470cec5d38bd; _fbp=fb.1.1713914994453.110516813; ki_t=1713914995146%3B1713914995146%3B1713914995146%3B1%3B1; ki_r=; sf-ins-pv-id=eef0eedd-b11e-465f-ae5a-179b4f5e0fb9; sid=/pU34nM7xcF1a1i8u1OTxx/5J7bGqqAKXB2hXQOSALC5RJ2vae2gTRMWBg3kyy445Vdm0qRGnvVHMEEoR6SE1I1o0VOa/z9xqn/whm5Vqb40haS8tZDTwRx1NODFFQTPT3eFyQBOkyaTEQw3mN7RJIPVp00=; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0
Source: global traffic HTTP traffic detected: GET /RestApi/personalizations/render?pageNodeId=5ceb4be1-05bd-4c69-892a-2c2bbd37538b&pageDataId=1f960fad-aef2-4475-8978-52fb7a29dbc9&pageNodeKey=5CEB4BE1-05BD-4C69-892A-2C2BBD37538B/b31ca85c-a1c5-4a9d-8b5d-e7b0736a8b16/SitefinitySiteMap&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&controls=09f9bb4f-5990-40af-b361-7849c73c9604_1,0cd3f511-e7d9-4e23-8773-26005ae09893_1,25637a62-a321-49a0-8b7e-5962dc977e95_1,6b5ac4dc-8fd0-4043-bd0a-e9ffd31e3bc8_1&correlationId=lvd0qj2kn097okrw3nn HTTP/1.1Host: www.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-tracking-consent=true; sf-prs-ss=638495117894670000; sf-prs-lu=https://www.telerik.com/download/fiddler/first-run; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; elqUserId=a19fc914-6c53-4783-a26e-ba38f50b2a88; _uetsid=62ec1d5001c911ef8802d7a3fb1ea1ce; _uetvid=62ec671001c911ef89dd470cec5d38bd; _fbp=fb.1.1713914994453.110516813; ki_t=1713914995146%3B1713914995146%3B1713914995146%3B1%3B1; ki_r=; sf-ins-pv-id=eef0eedd-b11e-465f-ae5a-179b4f5e0fb9; sid=/pU34nM7xcF1a1i8u1OTxx/5J7bGqqAKXB2hXQOSALC5RJ2vae2gTRMWBg3kyy445Vdm0qRGnvVHMEEoR6SE1I1o0VOa/z9xqn/whm5Vqb40haS8tZDTwRx1NODFFQTPT3eFyQBOkyaTEQw3mN7RJIPVp00=; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0
Source: global traffic HTTP traffic detected: GET /sfimages/default-source/productsimages/kendo-ui-complete/kendoka_icon.png?sfvrsn=922435fb_2 HTTP/1.1Host: www.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-tracking-consent=true; sf-prs-ss=638495117894670000; sf-prs-lu=https://www.telerik.com/download/fiddler/first-run; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; elqUserId=a19fc914-6c53-4783-a26e-ba38f50b2a88; _uetsid=62ec1d5001c911ef8802d7a3fb1ea1ce; _uetvid=62ec671001c911ef89dd470cec5d38bd; _fbp=fb.1.1713914994453.110516813; ki_t=1713914995146%3B1713914995146%3B1713914995146%3B1%3B1; ki_r=; sf-ins-pv-id=eef0eedd-b11e-465f-ae5a-179b4f5e0fb9; sid=/pU34nM7xcF1a1i8u1OTxx/5J7bGqqAKXB2hXQOSALC5RJ2vae2gTRMWBg3kyy445Vdm0qRGnvVHMEEoR6SE1I1o0VOa/z9xqn/whm5Vqb40haS8tZDTwRx1NODFFQTPT3eFyQBOkyaTEQw3mN7RJIPVp00=; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0
Source: global traffic HTTP traffic detected: GET /tr/?id=1444093252502226&ev=CHEQ&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&if=false&ts=1713914999876&sw=1280&sh=1024&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1713914994453.110516813&ler=empty&cdl=API_unavailable&it=1713914999827&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=1444093252502226&ev=CHEQ&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&if=false&ts=1713914999876&sw=1280&sh=1024&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1713914994453.110516813&ler=empty&cdl=API_unavailable&it=1713914999827&coo=false&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAttribution-Reporting-Eligible: trigger=navigation-source, event-sourceReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /visitor/v200/svrGP?pps=70&siteid=1325 HTTP/1.1Host: s1325.t.eloqua.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ELOQUA=GUID=A19FC9146C534783A26EBA38F50B2A88; ELQSTATUS=OK
Source: global traffic HTTP traffic detected: GET /collect/v2/data-centers/76766c2b-82f4-2453-81e5-fd840f3b455b/datasources/TelerikCom/interactions HTTP/1.1Host: api.insight.sitefinity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /visitor/v200/svrGP?pps=3&siteid=1325&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref2=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tzo=-60&ms=36&optin=disabled HTTP/1.1Host: s1325.t.eloqua.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ELOQUA=GUID=A19FC9146C534783A26EBA38F50B2A88; ELQSTATUS=OK
Source: global traffic HTTP traffic detected: GET /pagead/viewthroughconversion/975652292/?label=p4zxCNq_8IkYEMSLndED&guid=ON&script=0&ct_cookie_present=false&random=1179055552&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQIiAQFAAQ&pscrd=CP3366-R-MPBRCITCMD-7va-2YUDFRPn_QUdzCoKzjICCAMyAggEMgIIBzICCAgyAggJMgIICjICCAIyAggLOhhodHRwczovL3d3dy50ZWxlcmlrLmNvbS8 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUkWuMucKmweOSwmj7RW92pz4PKO8842RtsIxN0p7KUWBRm2nELl74IoNpUN
Source: global traffic HTTP traffic detected: GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126bedce34ef478a9d9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5d168b6a2f17071a10acf9f29f674d8b83d8022b3648fa2c2157826adf61950c655021c604030a35555997b7624f77be26bb25cb43e2923ef44c6eaa132c7a14c450ea54e285929c68f37950aa2084ba5f7ff35b7b1a2d18c8c9077af562b7818fbd1910fa0a9fc95df820da75c45b956279f02b01f2040e0228d2595fe69fe0a100ba2f965f980cf64d766dbad1276140023df819958d45a95f60e8e4e47116253bc6f57662d4dd09012b4576190bb98e32606d64f5ac183bd5b4f02d97fe58740f30b9e4f0d58a7dacd9db0ee35fc95f6f6bc9ecc8b6f03dc5d8e23d97320fd9ad9d784a40ff6939ac820876b08de97e8a03fa42ae965d8013d9c56d9c7c71d6da2dc77ad795afedcbbabf4c68af74a8e8a5744e60e3943dcceb13e75a1058830906d092cecccaec9426873ac792f5c638e87b3b6cd7366b8493925f2adca82bf853b5c11fd837ae3d1a0b63fd76f14ddc87f62cf6c72fc45cbfd9929b77895d437ded590413260974d1ba71a51d99819231b0d273fa9e2bca89e0b27c82bfaa596b6b84e75347ddfa0d5104f2e2e524bb6cc3a81fabfd6cf722b22d87008c06ddba58924672a6f7c974232d3e526c520b46eeb8d332c008a5075c5f3bafe53c83c14d52bac18ba8b67ecbefe1f485fcabf14f513dfc4685bf586a8a4b6209cb710b231faa22fa285dbbbfd3699861c9248caa2fc4b90990720b25250162129dc0e1da3a7354990a59879185a9baa152059eb0bd6197cf7379d0ce133c69fa91c55721b72483439c06fe3c9d16c7d515f8ba5ffe89dc97c11370e5f23a7d8371a78eb9aa129564330841d0151536f6fb3686b711cccdc2ae1edf9b95704b6e13ac37b904b454b5806a9f334728493d633f9633c7f56635c61dc7f3f569a8bb289e6861eb5425788de2c30b44ef76f48d19db0338084da25b57f3cbbf1ebd165ec7dd67a2d6dca8925ec81f157407f81c484e8ed24805a836e7e2d379de97bd72022ff32e79575aad4207bfc6b00a1b927e6387c2c553c3d5bacf5922a622fb5a3b44c64f3f6d958d510399dce0caf0f24ea328ac6ec9379ecc5195fff22a2bfdd90391cbfca0cef0cadf6b01dfa4375f9b23805bde4cebe52cacd3df8c32cbc6a7a4a41520cdbfb1ec499705d411432f&cri=JFpDhY30Gl&ts=1709&cb=1713914999226 HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3
Source: global traffic HTTP traffic detected: GET /pagead/viewthroughconversion/975652292/?random=1606867032&cv=11&fst=1713914999207&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIImMGxAiIBAUABSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZWIECgICAw&pscrd=CM2Ako6n_oyx2gEiEwjx09j2vtmFAxX04v0FHdn_BDEyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzoYaHR0cHM6Ly93d3cudGVsZXJpay5jb20v HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUkWuMucKmweOSwmj7RW92pz4PKO8842RtsIxN0p7KUWBRm2nELl74IoNpUN
Source: global traffic HTTP traffic detected: GET /pagead/1p-conversion/975652292/?label=p4zxCNq_8IkYEMSLndED&guid=ON&script=0&ct_cookie_present=false&random=1179055552&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQIiAQFAAQ&pscrd=CP3366-R-MPBRCITCMD-7va-2YUDFRPn_QUdzCoKzjICCAMyAggEMgIIBzICCAgyAggJMgIICjICCAIyAggLOhhodHRwczovL3d3dy50ZWxlcmlrLmNvbS8&is_vtc=1&cid=CAQSKQB7FLtq7vHysrjC5gqiPZ6KwQycqXLSQgcFG2luX6Zwzwi48rP2fAB9&random=4066413161 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/1p-conversion/975652292/?random=1606867032&cv=11&fst=1713914999207&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIImMGxAiIBAUABSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZWIECgICAw&pscrd=CM2Ako6n_oyx2gEiEwjx09j2vtmFAxX04v0FHdn_BDEyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzoYaHR0cHM6Ly93d3cudGVsZXJpay5jb20v&is_vtc=1&cid=CAQSKQB7FLtqE4sJQ7vTC2SIeSxPSNMEYUhouSgDttPNJEA17X4d4m_wOclY&random=1703345189 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tr/?id=1444093252502226&ev=CHEQ&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&if=false&ts=1713914999876&sw=1280&sh=1024&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1713914994453.110516813&ler=empty&cdl=API_unavailable&it=1713914999827&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=1444093252502226&ev=CHEQ&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&if=false&ts=1713914999876&sw=1280&sh=1024&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1713914994453.110516813&ler=empty&cdl=API_unavailable&it=1713914999827&coo=false&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/1p-conversion/975652292/?label=p4zxCNq_8IkYEMSLndED&guid=ON&script=0&ct_cookie_present=false&random=1179055552&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQIiAQFAAQ&pscrd=CP3366-R-MPBRCITCMD-7va-2YUDFRPn_QUdzCoKzjICCAMyAggEMgIIBzICCAgyAggJMgIICjICCAIyAggLOhhodHRwczovL3d3dy50ZWxlcmlrLmNvbS8&is_vtc=1&cid=CAQSKQB7FLtq7vHysrjC5gqiPZ6KwQycqXLSQgcFG2luX6Zwzwi48rP2fAB9&random=4066413161 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _fbp=fb.1.1713914994453.110516813; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D
Source: global traffic HTTP traffic detected: GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126bedce34ef478a9d9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5d168b6a2f17071a10acf9f29f674d8b83d8022b3648fa2c2157826adf61950c655021c604030a35555997b7624f77be26bb25cb43e2923ef44c6eaa132c7a14c450ea54e285929c68f37950aa2084ba5f7ff35b7b1a2d18c8c9077af562b7818fbd1910fa0a9fc95df820da75c45b956279f02b01f2040e0228d2595fe69fe0a100ba2f965f980cf64d766dbad1276140023df819958d45a95f60e8e4e47116253bc6f57662d4dd09012b4576190bb98e32606d64f5ac183bd5b4f02d97fe58740f30b9e4f0d58a7dacd9db0ee35fc95f6f6bc9ecc8b6f03dc5d8e23d97320fd9ad9d784a40ff6939ac820876b08de97e8a03fa42ae965d8013d9c56d9c7c71d6da2dc77ad795afedcbbabf4c68af74a8e8a5744e60e3943dcceb13e75a1058830906d092cecccaec9426873ac792f5c638e87b3b6cd7366b8493925f2adca82bf853b5c11fd837ae3d1a0b63fd76f14ddc87f62cf6c72fc45cbfd9929b77895d437ded590413260974d1ba71a51d99819231b0d273fa9e2bca89e0b27c82bfaa596b6b84e75347ddfa0d5104f2e2e524bb6cc3a81fabfd6cf722b22d87008c06ddba58924672a6f7c974232d3e526c520b46eeb8d332c008a5075c5f3bafe53c83c14d52bac18ba8b67ecbefe1f485fcabf14f513dfc4685bf586a8a4b6209cb710b231faa22fa285dbbbfd3699861c9248caa2fc4b90990720b25250162129dc0e1da3a7354990a59879185a9baa152059eb0bd6197cf7379d0ce133c69fa91c55721b72483439c06fe3c9d16c7d515f8ba5ffe89dc97c11370e5f23a7d8371a78eb9aa129564330841d0151536f6fb3686b711cccdc2ae1edf9b95704b6e13ac37b904b454b5806a9f334728493d633f9633c7f56635c61dc7f3f569a8bb289e6861eb5425788de2c30b44ef76f48d19db0338084da25b57f3cbbf1ebd165ec7dd67a2d6dca8925ec81f157407f81c484e8ed24805a836e7e2d379de97bd72022ff32e79575aad4207bfc6b00a1b927e6387c2c553c3d5bacf5922a622fb5a3b44c64f3f6d958d510399dce0caf0f24ea328ac6ec9379ecc5195fff22a2bfdd90391cbfca0cef0cadf6b01dfa4375f9b23805bde4cebe52cacd3df8c32cbc6a7a4a41520cdbfb1ec499705d411432f&cri=JFpDhY30Gl&ts=1709&cb=1713914999226 HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _fbp=fb.1.1713914994453.110516813; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isG
Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1Host: geo.qualaroo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/javascriptsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.telerik.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/1p-conversion/975652292/?random=1606867032&cv=11&fst=1713914999207&bg=ffffff&guid=ON&async=1&gtm=45je44m0v9167661709za200&gcs=G111&gcd=13v3v3v3v5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&label=p4zxCNq_8IkYEMSLndED&hn=www.googleadservices.com&frm=0&tiba=First%20run&gtm_ee=1&npa=0&pscdl=noapi&auid=571138784.1713914988&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIImMGxAiIBAUABSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZWIECgICAw&pscrd=CM2Ako6n_oyx2gEiEwjx09j2vtmFAxX04v0FHdn_BDEyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzoYaHR0cHM6Ly93d3cudGVsZXJpay5jb20v&is_vtc=1&cid=CAQSKQB7FLtqE4sJQ7vTC2SIeSxPSNMEYUhouSgDttPNJEA17X4d4m_wOclY&random=1703345189 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /uwt.js HTTP/1.1Host: static.ads-twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1Host: geo.qualaroo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _fbp=fb.1.1713914994453.110516813; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D
Source: global traffic HTTP traffic detected: GET /prum.min.js HTTP/1.1Host: rum-static.pingdom.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tr/?id=1444093252502226&ev=PageView&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&if=false&ts=1713915003482&sw=1280&sh=1024&v=2.9.154&r=stable&ec=1&o=4126&fbp=fb.1.1713914994453.110516813&cs_est=true&ler=empty&cdl=API_unavailable&it=1713914999827&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /monitor/stat.js HTTP/1.1Host: www.clickcease.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _fbp=fb.1.1713914994453.110516813; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D; _gat_UA-111455-1=1; _gat_UA-111455-74=1
Source: global traffic HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=1444093252502226&ev=PageView&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&if=false&ts=1713915003482&sw=1280&sh=1024&v=2.9.154&r=stable&ec=1&o=4126&fbp=fb.1.1713914994453.110516813&cs_est=true&ler=empty&cdl=API_unavailable&it=1713914999827&coo=false&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAttribution-Reporting-Eligible: trigger, event-source;navigation-sourceReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_/ad/f3942e2f1f7d449b81784d171e274880/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run HTTP/1.1Host: q.quora.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tr/?id=1444093252502226&ev=PageView&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&if=false&ts=1713915003482&sw=1280&sh=1024&v=2.9.154&r=stable&ec=1&o=4126&fbp=fb.1.1713914994453.110516813&cs_est=true&ler=empty&cdl=API_unavailable&it=1713914999827&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=1444093252502226&ev=PageView&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&if=false&ts=1713915003482&sw=1280&sh=1024&v=2.9.154&r=stable&ec=1&o=4126&fbp=fb.1.1713914994453.110516813&cs_est=true&ler=empty&cdl=API_unavailable&it=1713914999827&coo=false&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_/ad/f3942e2f1f7d449b81784d171e274880/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run HTTP/1.1Host: q.quora.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=36b4f4d4-fcfc-4db7-bd89-13f79635ad81&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9302dcdc-8363-4b82-9a49-9b54042acc7e&tw_document_href=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nurcc&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=5e062168-5662-416c-a314-a9a718dcb2e9&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9302dcdc-8363-4b82-9a49-9b54042acc7e&tw_document_href=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzcii&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=36b4f4d4-fcfc-4db7-bd89-13f79635ad81&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9302dcdc-8363-4b82-9a49-9b54042acc7e&tw_document_href=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nurcc&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _fbp=fb.1.1713914994453.110516813; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D; _gat_UA-111455-1=1; _gat_UA-111455-74=1
Source: global traffic HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=5e062168-5662-416c-a314-a9a718dcb2e9&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9302dcdc-8363-4b82-9a49-9b54042acc7e&tw_document_href=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzcii&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/beacon.gif?id=54328dddabe53db9497b23c6&sAW=1280&sAH=984&bIW=1034&bIH=870&pD=24&dPR=1&or=landscape-primary&nT=1&rC=0&nS=0&cS=13&cE=434&dLE=13&dLS=13&fS=4&hS=14&rE=-1&rS=-1&reS=434&resS=1091&resE=1520&uEE=1137&uES=1137&dL=1156&dI=1751&dCLES=1751&dCLEE=1754&dC=8300&lES=8308&lEE=8310&s=nt&title=First%20run&path=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&sId=zaewourn&sST=1713915006&sIS=1&rV=0&v=1.4.1 HTTP/1.1Host: rum-collector-2.pingdom.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.telerik.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-111455-1&cid=925834404.1713914987&jid=1790868512&_u=SDCACEABBAAAACAFKC~&z=1680824539 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-111455-74&cid=925834404.1713914987&jid=2072956638&_u=SDCACEABBAAAACAFKCC~&z=1106341662 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=36b4f4d4-fcfc-4db7-bd89-13f79635ad81&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9302dcdc-8363-4b82-9a49-9b54042acc7e&tw_document_href=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nurcc&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc_ads=3abd0117-8616-47bc-b0c5-4851d8992a3b
Source: global traffic HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=5e062168-5662-416c-a314-a9a718dcb2e9&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9302dcdc-8363-4b82-9a49-9b54042acc7e&tw_document_href=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzcii&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc_ads=2564eebd-51b1-4e03-af7f-2c96a59d2ba3
Source: global traffic HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=36b4f4d4-fcfc-4db7-bd89-13f79635ad81&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9302dcdc-8363-4b82-9a49-9b54042acc7e&tw_document_href=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nurcc&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: personalization_id="v1_VKT6toCZV7gBM4gxlYfjrQ=="
Source: global traffic HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=5e062168-5662-416c-a314-a9a718dcb2e9&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9302dcdc-8363-4b82-9a49-9b54042acc7e&tw_document_href=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzcii&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: personalization_id="v1_cReNRV+lMPRPVyw8C6pyMA=="
Source: global traffic HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-111455-1&cid=925834404.1713914987&jid=1790868512&_u=SDCACEABBAAAACAFKC~&z=1680824539 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-111455-74&cid=925834404.1713914987&jid=2072956638&_u=SDCACEABBAAAACAFKCC~&z=1106341662 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/beacon.gif?id=54328dddabe53db9497b23c6&sAW=1280&sAH=984&bIW=1034&bIH=870&pD=24&dPR=1&or=landscape-primary&nT=1&rC=0&nS=0&cS=13&cE=434&dLE=13&dLS=13&fS=4&hS=14&rE=-1&rS=-1&reS=434&resS=1091&resE=1520&uEE=1137&uES=1137&dL=1156&dI=1751&dCLES=1751&dCLEE=1754&dC=8300&lES=8308&lEE=8310&s=nt&title=First%20run&path=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&sId=zaewourn&sST=1713915006&sIS=1&rV=0&v=1.4.1 HTTP/1.1Host: rum-collector-2.pingdom.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico?v=rebv1 HTTP/1.1Host: www.telerik.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telerik.com/download/fiddler/first-runAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-tracking-consent=true; sf-prs-ss=638495117894670000; sf-prs-lu=https://www.telerik.com/download/fiddler/first-run; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; elqUserId=a19fc914-6c53-4783-a26e-ba38f50b2a88; _uetsid=62ec1d5001c911ef8802d7a3fb1ea1ce; _uetvid=62ec671001c911ef89dd470cec5d38bd; _fbp=fb.1.1713914994453.110516813; ki_r=; sf-ins-pv-id=eef0eedd-b11e-465f-ae5a-179b4f5e0fb9; sid=/pU34nM7xcF1a1i8u1OTxx/5J7bGqqAKXB2hXQOSALC5RJ2vae2gTRMWBg3kyy445Vdm0qRGnvVHMEEoR6SE1I1o0VOa/z9xqn/whm5Vqb40haS8tZDTwRx1NODFFQTPT3eFyQBOkyaTEQw3mN7RJIPVp00=; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D; _clck=1wlli9p%7C2%7Cfl6%7C0%7C1574; _clsk=eu7kl0%7C1713915002285%7C1%7C1%7Cd.clarity.ms%2Fcollect; ki_t=1713914995146%3B1713914995146%3B1713915003452%3B1%3B2; _gat_UA-111455-1=1; _gat_UA-111455-74=1
Source: global traffic HTTP traffic detected: GET /favicon.ico?v=rebv1 HTTP/1.1Host: www.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-tracking-consent=true; sf-prs-ss=638495117894670000; sf-prs-lu=https://www.telerik.com/download/fiddler/first-run; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; elqUserId=a19fc914-6c53-4783-a26e-ba38f50b2a88; _uetsid=62ec1d5001c911ef8802d7a3fb1ea1ce; _uetvid=62ec671001c911ef89dd470cec5d38bd; _fbp=fb.1.1713914994453.110516813; ki_r=; sf-ins-pv-id=eef0eedd-b11e-465f-ae5a-179b4f5e0fb9; sid=/pU34nM7xcF1a1i8u1OTxx/5J7bGqqAKXB2hXQOSALC5RJ2vae2gTRMWBg3kyy445Vdm0qRGnvVHMEEoR6SE1I1o0VOa/z9xqn/whm5Vqb40haS8tZDTwRx1NODFFQTPT3eFyQBOkyaTEQw3mN7RJIPVp00=; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D; _clck=1wlli9p%7C2%7Cfl6%7C0%7C1574; _clsk=eu7kl0%7C1713915002285%7C1%7C1%7Cd.clarity.ms%2Fcollect; ki_t=1713914995146%3B1713914995146%3B1713915003452%3B1%3B2; _gat_UA-111455-1=1; _gat_UA-111455-74=1
Source: global traffic HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _fbp=fb.1.1713914994453.110516813; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D; _gat_UA-111455-1=1; _gat_UA-111455-74=1
Source: global traffic HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _fbp=fb.1.1713914994453.110516813; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D; _gat_UA-111455-1=1; _gat_UA-111455-74=1
Source: global traffic HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _fbp=fb.1.1713914994453.110516813; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D; _gat_UA-111455-1=1; _gat_UA-111455-74=1
Source: global traffic HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _fbp=fb.1.1713914994453.110516813; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D; _gat_UA-111455-1=1; _gat_UA-111455-74=1
Source: global traffic HTTP traffic detected: GET /mon HTTP/1.1Host: obseu.ytwohlcq.telerik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gauuid=ab4f4920-d85c-474f-a63e-5eb329c1b0f2; _gid=GA1.2.1225407003.1713914987; _dc_gtm_UA-111455-1=1; _dc_gtm_UA-111455-74=1; _gcl_au=1.1.571138784.1713914988; _cq_duid=1.1713914987.ttMfVwhY9k56diVz; _cq_suid=1.1713914987.pGYyDePOB7d0lADU; gaClientId=925834404.1713914987; sf-data-intell-subject=1713914989469-091773f3-900a-45d2-be08-a1d5b45dfe42; sf-ins-ssid=1713914989469-1577d358-cc84-4a51-bfa9-1082a2e5a7de; _hjSession_66905=eyJpZCI6IjlmYjI0YTZlLTcwMTUtNDQ2OS05MjYyLTk3M2EyMzEwYmY4NiIsImMiOjE3MTM5MTQ5ODk1NzAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; cg_uuid=490a579c4dfc5a03b8ee2ef3e0a6a990; _fbp=fb.1.1713914994453.110516813; _hjSessionUser_66905=eyJpZCI6ImNhYTQ4N2YxLWIzOWUtNWM5ZS1hODIzLWE2ZGY2YmJjYjkxMyIsImNyZWF0ZWQiOjE3MTM5MTQ5ODk1NjksImV4aXN0aW5nIjp0cnVlfQ==; _ga=GA1.2.925834404.1713914987; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Apr+24+2024+01%3A29%3A59+GMT%2B0200+(Central+European+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=6e4ff5a7-98c9-40d3-ace0-ea7f367e8906&interactionCount=1&landingPath=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1; _cq_pxg=3|n15624902978738937898069555|975652292|event=conversion; _ga_9JSNBCSF54=GS1.1.1713914987.1.1.1713914999.48.0.0; prgs_utm=%7B%22referrer%22%3A%22https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run%22%7D; _gat_UA-111455-1=1; _gat_UA-111455-74=1
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dswWbrh3M+huW3O&MD=8amD1xGW HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /r/?Fiddler2FirstRun HTTP/1.1Host: fiddler2.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /download/fiddler/first-run HTTP/1.1Host: www.telerik.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: chromecache_301.27.dr String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: fiddler2.com
Source: unknown HTTP traffic detected: POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-111455-74&cid=925834404.1713914987&jid=629508174&gjid=478797266&_gid=1225407003.1713914987&_u=aGDAiEABBAAAAGAFKC~&z=1747705249 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plainAccept: */*Origin: https://www.telerik.comX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telerik.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 23 Apr 2024 23:30:01 GMTContent-Type: text/html; charset=utf-8Content-Length: 235Connection: closeAccess-Control-Allow-Headers: Content-Type, Content-Length, X-Requested-With, Authorization, x-dataintelligence-accountkey, x-dataintelligence-datacenterkey, x-dataintelligence-datasource, x-dataintelligence-sort, x-dataintelligence-skip, x-dataintelligence-take, x-dataintelligence-fields, x-dataintelligence-count, x-dataintelligence-filterby, x-dataintelligence-filter, x-dataintelligence-contains, x-dataintelligence-nextrowkey, x-dataintelligence-flush, x-dataintelligence-fromdate, x-dataintelligence-todate, x-dataintelligence-period, x-dataintelligence-scale, x-dataintelligence-predicate, x-dataintelligence-subject, x-dataintelligence-ids, x-dataintelligence-datasources, x-dataintelligence-imagecrop, x-dataintelligence-contacts, x-forwarded-for, x-dataintelligence-sdk-version, Referer, Origin, x-dataintelligence-clientid, x-dataintelligence-campaignids, x-dataintelligence-userid, x-dataintelligence-errorid, x-dataintelligence-correlationid, cf-connecting-ip, x-forwarded-for, http_x_forwarded_for, x-forwarded, x-cluster-client-ip, forwarded-for, forwarded, remote_addr, client-ipAccess-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONSAccess-Control-Allow-Origin: *request-context: appId=cid-v1:a33f2e3a-ec15-4d53-8ac6-897af884626bContent-Security-Policy: default-src 'none'X-Content-Type-Options: nosniffStrict-Transport-Security: max-age=31536000
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: System.Web.dll.35.dr String found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/DetailsView.jsT
Source: System.Web.dll.35.dr String found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/Focus.jsT
Source: System.Web.dll.35.dr String found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/GridView.jsT
Source: System.Web.dll.35.dr String found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/Menu.jsT
Source: System.Web.dll.35.dr String found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/MenuStandards.jsT
Source: System.Web.dll.35.dr String found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/TreeView.jsT
Source: System.Web.dll.35.dr String found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/WebForms.js
Source: System.Web.dll.35.dr String found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/WebParts.jsT
Source: System.Web.dll.35.dr String found in binary or memory: http://ajax.aspnetcdn.com/ajax/4.6/1/WebUIValidation.jsT
Source: chromecache_292.27.dr String found in binary or memory: http://ajax.cdnjs.com/ajax/libs/json2/20110223/json2.js
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://bayden.com/meddler/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://bit.ly/29O65sI
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://bit.ly/29VDtCe
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, SampleRules.cs.3.dr String found in binary or memory: http://blogs.msdn.com/b/fiddler/archive/2011/11/05/http-expect-continue-delays-transmitting-post-bod
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blogs.msdn.com/ieinternals/archive/2009/07/20/Using-post_2D00_check-and-pre_2D00_check-cache-
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://browserscope2.org/browse?category=selectors&ua=Mobile%20Safari
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://commons.apache.org/proper/commons-compress/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe, Fiddler.exe.3.dr, FiddlerOrchestra.Protocol.dll.3.dr, SetupHelper.3.dr, FiddlerOrchestra.Utilities.dll.3.dr, Timeline.dll.3.dr String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0B
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://curl.haxx.se/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://curl.haxx.se/S
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://diveintohtml5.info/offline.html
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://diveintohtml5.info/offline.htmlO
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://docs.telerik.com/fiddler/configure-fiddler/tasks/configurefiddlerURLUpdateInfohttp://www.tele
Source: System.Data.SqlXml.dll.29.dr String found in binary or memory: http://exslt.org/common
Source: Fiddler.exe.3.dr String found in binary or memory: http://fiddler.wikidot.com/prefs
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, SampleRules.cs.3.dr String found in binary or memory: http://fiddler2.com/fiddlercore
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000064A000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?Fiddler2FirstRun
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000064A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?Fiddler2FirstRunP
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000064A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?Fiddler2FirstRunR
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000064A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?Fiddler2FirstRun_
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?Fiddler2FirstRunert
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000064A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?Fiddler2FirstRunfbw
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?Fiddler2FirstRunl
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000061A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?Fiddler2FirstRunlv
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?Fiddler2FirstRunopenDetectedBrowsererrorShellExecExhttp://fiddler2.com/r/?Fid
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?Fiddler2FirstRunz
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?FiddlerLog
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?FiddlerSandboxSOFTWARE
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?SYNTAXVIEWINSTALL
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, EnableLoopback.exe.72.dr String found in binary or memory: http://fiddler2.com/r/?WIN8ELo
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, SampleRules.cs.3.dr String found in binary or memory: http://fiddler2.com/r/?fiddlercolumns
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?fiddlerscriptcookbook
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?id=bitness
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?id=bitness)
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fiddler2.com/r/?msdnjsnet
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, SampleRules.cs.3.dr String found in binary or memory: http://fiddler2.com/r/?quickexec
Source: Fiddler.pdb.3.dr String found in binary or memory: http://fiddler2.com/surveys/SurveysBaseUri
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://getfiddler.com/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://groups.google.com/group/http-archive-specification
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://groups.google.com/group/http-archive-specification/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://james.newtonking.com/projects/json
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://nsis.sourceforge.net/Main_Page
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: http://ocsp.entrust.net01
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://ocsp.entrust.net02
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://ocsp.entrust.net03
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe, Fiddler.exe.3.dr, FiddlerOrchestra.Protocol.dll.3.dr, SetupHelper.3.dr, FiddlerOrchestra.Utilities.dll.3.dr, Timeline.dll.3.dr String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://ocsp.thawte.com0
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: http://rb.symcb.com/rb.crl0a
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: http://rb.symcb.com/rb.crt0
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: http://rb.symcd.com0&
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: http://s.symcd.com0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://s.symcd.com06
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://s2.symcb.com0
Source: System.Runtime.Serialization.Formatters.Soap.dll.77.dr String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe, Fiddler.exe.3.dr, FiddlerOrchestra.Protocol.dll.3.dr, SetupHelper.3.dr, FiddlerOrchestra.Utilities.dll.3.dr, Timeline.dll.3.dr String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://sourceforge.net/projects/hexbox/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://sv.symcd.com0&
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Parsers.dll0.3.dr String found in binary or memory: http://www.URLtoDownloadFrom.net
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.bouncycastle.org)
Source: QWhale.Syntax.Parsers.dll0.3.dr String found in binary or memory: http://www.businessobjects.com/products/dev_zone/net/default.asp
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.bzip.org/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.codeplex.com/DotNetZip
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Parsers.dll0.3.dr String found in binary or memory: http://www.contoso.com/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Parsers.dll0.3.dr String found in binary or memory: http://www.contoso.com/books.xml
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://www.entrust.net/rpa0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://www.entrust.net/rpa03
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fatcow.com/free-icons
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fiddler2.com/sandbox/FormAndCookie.asp
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fiddlerbook.com/fiddler/help/http/headers.asp?query=
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: http://www.google-analytics.com/collect
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: http://www.google-analytics.com/debug/collect
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, SampleRules.cs.3.dr String found in binary or memory: http://www.google.com/bot.html)
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, SampleRules.cs.3.dr String found in binary or memory: http://www.google.com/search?hl=en&btnI=I%27m
Source: Fiddler.exe.3.dr String found in binary or memory: http://www.host.com/filepath?query.
Source: Fiddler.exe.3.dr String found in binary or memory: http://www.host.com/filepath?query.v
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.iis.net/community/Performance
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://www.newtonsoft.com/jsonschema
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, QWhale.Common.dll.3.dr, QWhale.Common.dll0.3.dr String found in binary or memory: http://www.qwhale.net
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.qwhale.net/products/editor.htm
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Parsers.dll0.3.dr String found in binary or memory: http://www.someserver.com/upload.aspx
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://www.symauth.com/cps0(
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://www.symauth.com/rpa00
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe String found in binary or memory: http://www.telerik.com/fiddler
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: http://www.telerik.com/fiddler/fiddlercore0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.telerik.com/fiddler0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2523777255.000000000019A000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://www.telerik.com/purchase/fiddler
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2523777255.000000000019A000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://www.telerik.com/purchase/license-agreement/fiddler-enterprise-support
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: http://www.telerik.com0
Source: System.Deployment.dll.31.dr String found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
Source: chromecache_301.27.dr String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_301.27.dr String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_340.27.dr String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_301.27.dr String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_274.27.dr String found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
Source: chromecache_274.27.dr String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
Source: chromecache_274.27.dr String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2V2Data.json
Source: chromecache_274.27.dr String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
Source: chromecache_274.27.dr String found in binary or memory: https://cookies-data.onetrust.io/bannersdk/v1/domaingroupcheck
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, GA.Analytics.Monitor.dll0.3.dr, Telerik.NetworkConnections.dll.3.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://d.symcb.com/rpa0.
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: https://d.symcb.com/rpa06
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fiddler2.com
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fiddler2.com/FiddlerOrchestra/Clients/FiddlerOrchestra.Client.Android.apk
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fiddler2.com/FiddlerOrchestra/Clients/FiddlerOrchestra.Client.Android.apk%BtnToogleListening
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fiddler2.com/FiddlerOrchestra/Clients/FiddlerOrchestra.Client.NetCore.WindowsMacLinux.zip
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fiddler2.com/r/?GetDotNet4Compatible
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fiddler2.com/r/?GetDotNet4open
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fiddler2.com/r/?credits
Source: chromecache_274.27.dr String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/zopfli/commit/720b20e8db19ea90b38edce82aca52815edf8c1a
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/zopfli0
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ymnk/jzlib
Source: chromecache_301.27.dr String found in binary or memory: https://google.com
Source: chromecache_301.27.dr String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_301.27.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_301.27.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_292.27.dr String found in binary or memory: https://servicestack.net
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: https://ssl.google-analytics.com/collect
Source: GA.Analytics.Monitor.dll0.3.dr String found in binary or memory: https://ssl.google-analytics.com/debug/collect
Source: chromecache_340.27.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_340.27.dr String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_301.27.dr String found in binary or memory: https://td.doubleclick.net
Source: chromecache_302.27.dr String found in binary or memory: https://www.clarity.ms/tag/uet/
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe, Fiddler.exe.3.dr, FiddlerOrchestra.Protocol.dll.3.dr, SetupHelper.3.dr, FiddlerOrchestra.Utilities.dll.3.dr, Timeline.dll.3.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: chromecache_340.27.dr String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_340.27.dr String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_340.27.dr String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_301.27.dr String found in binary or memory: https://www.google.com
Source: chromecache_340.27.dr String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_301.27.dr String found in binary or memory: https://www.googleadservices.com
Source: chromecache_301.27.dr String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_340.27.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.nuget.org/packages/DotNetZip/
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.progress.com/legal/privacy-policy).
Source: chromecache_292.27.dr String found in binary or memory: https://www.telerik.com/RestApi/personalizations/render?pageNodeId=5ceb4be1-05bd-4c69-892a-2c2bbd375
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.telerik.com/blogs/a-brief-user-guide-on-fiddler-orchestra?utm_medium=product&utm_source=
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.telerik.com/blogs/fiddlercore-for-net-standard-and-fiddler-orchestra-the-future-of-fiddl
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe, Fiddler.exe.3.dr, FiddlerOrchestra.Protocol.dll.3.dr, SetupHelper.3.dr, FiddlerOrchestra.Utilities.dll.3.dr, Timeline.dll.3.dr String found in binary or memory: https://www.telerik.com/fiddler0
Source: chromecache_292.27.dr String found in binary or memory: https://www.telerik.com/kendo-ui
Source: chromecache_292.27.dr String found in binary or memory: https://www.telerik.com/sfimages/default-source/productsimages/kendo-ui-complete/kendoka_icon.png?sf
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown HTTPS traffic detected: 23.1.102.27:443 -> 192.168.2.7:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.1.102.27:443 -> 192.168.2.7:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:49958 version: TLS 1.2
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_004056E5 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 1_2_004056E5

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe, type: DROPPED Matched rule: Detects zgRAT Author: ditekSHen
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 1_2_004034FC
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Code function: 3_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 3_2_00403645
Creates files inside the system directory
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe File created: C:\Windows\Microsoft.NET\ngennicupdatelock.dat Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe File created: C:\Windows\Microsoft.NET\ngennicupdatelock.dat Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47\System.Data.SqlXml.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c\System.Security.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b\System.Deployment.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\8e9f4b8ba90f0dd7ead0f6d3724d12f0
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\8e9f4b8ba90f0dd7ead0f6d3724d12f0\Microsoft.JScript.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\0bc179a6f5376dabed45d64773e7a963
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\0bc179a6f5376dabed45d64773e7a963\System.Web.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\cbb85b2c3ecfe129570a8c187041de31
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\cbb85b2c3ecfe129570a8c187041de31\System.EnterpriseServices.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#\b5d4608754b2d1d4f1d2d3c00cbcdfe0
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#\b5d4608754b2d1d4f1d2d3c00cbcdfe0\System.Runtime.Caching.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.82d5542b#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.82d5542b#\9c63130543c9d395491387159924bf83
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.82d5542b#\9c63130543c9d395491387159924bf83\System.Web.RegularExpressions.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Design
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Design\e6264fe3334740cf9e7da3afc7d524cc
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Design\e6264fe3334740cf9e7da3afc7d524cc\System.Design.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data86569bbf#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data86569bbf#\058b5c6d514044e05b07d4b113045f72
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data86569bbf#\058b5c6d514044e05b07d4b113045f72\System.Data.OracleClient.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Draw0a54d252#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Draw0a54d252#\1add9b3a6e41e9922f7c95ebd442ed4e
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Draw0a54d252#\1add9b3a6e41e9922f7c95ebd442ed4e\System.Drawing.Design.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.8dc504e4#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.8dc504e4#\51cf3243e3f9124c32bc8614b4bcda4e
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.8dc504e4#\51cf3243e3f9124c32bc8614b4bcda4e\System.Web.ApplicationServices.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#\70bed732cba41d298e54cc0a935a935b
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#\70bed732cba41d298e54cc0a935a935b\System.ComponentModel.DataAnnotations.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dire5d62f0a2#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dire5d62f0a2#\a2886f8a05c8adae3050b95af3970e92
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dire5d62f0a2#\a2886f8a05c8adae3050b95af3970e92\System.DirectoryServices.Protocols.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\aa6a3ae1d00b1eb221bba5375e6387b1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\aa6a3ae1d00b1eb221bba5375e6387b1\System.ServiceModel.Internals.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\1936f2ecbcf18cda53f04b49073cf801
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\1936f2ecbcf18cda53f04b49073cf801\SMDiagnostics.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53#\7192d8df2c3d8228b392f5912e16ebc2
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53#\7192d8df2c3d8228b392f5912e16ebc2\Microsoft.Build.Utilities.v4.0.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b#\3f8d7f63514ceeaa11244b3e16a3ea5c
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b#\3f8d7f63514ceeaa11244b3e16a3ea5c\Microsoft.Build.Framework.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\59a1f5e7ac4b0e905803332438ede0a4
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\59a1f5e7ac4b0e905803332438ede0a4\EnableLoopback.ni.exe.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c\System.Security.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47\System.Data.SqlXml.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ce1e4670373608336100bea63bbc8990
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ce1e4670373608336100bea63bbc8990\System.Numerics.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b\System.Deployment.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp
Deletes files inside the Windows folder
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File deleted: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c50-0
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_00406C3F 1_2_00406C3F
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Code function: 3_2_00406DA0 3_2_00406DA0
Uses 32bit PE files
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Yara signature match
Source: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe, type: DROPPED Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: DotNetZip.dll.3.dr, WinZipAesCipherStream.cs Cryptographic APIs: 'TransformBlock'
Source: DotNetZip.dll.3.dr, WinZipAesCipherStream.cs Cryptographic APIs: 'TransformFinalBlock'
Source: DotNetZip.dll.3.dr, WinZipAesCipherStream.cs Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Parsers.dll0.3.dr Binary or memory string: QWhale.Syntax.Parsers.VbParser.resources
Source: System.Web.dll.35.dr Binary or memory string: *.sln
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Parsers.dll0.3.dr Binary or memory string: Images.VbParser.bmp
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Parsers.dll0.3.dr Binary or memory string: QWhale.Syntax.Parsers.VbParser
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Parsers.dll0.3.dr Binary or memory string: QWhale.Syntax.Parsers.Images.VbParser.bmp
Source: classification engine Classification label: mal40.troj.evad.winEXE@137/328@120/40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 1_2_004034FC
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Code function: 3_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 3_2_00403645
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_00404991 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 1_2_00404991
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_004021AF CoCreateInstance, 1_2_004021AF
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7328:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:7508:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7276:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7252:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7224:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7312:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe File created: C:\Users\user~1\AppData\Local\Temp\nsoE408.tmp Jump to behavior
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Process created: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe "C:\Users\user~1\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe" /D=
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\user\AppData\Local\Programs\Fiddler\EnableLoopback.exe"
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper "C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\user\AppData\Local\Programs\Fiddler"
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1bc -Pipe 1c8 -Comment "NGen Worker Process"
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://fiddler2.com/r/?Fiddler2FirstRun
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 --field-trial-handle=2244,i,18061082204408847072,8654867018620333004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 0 -NGENProcess 260 -Pipe 268 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 0 -NGENProcess 270 -Pipe 278 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 280 -Pipe 288 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 290 -Pipe 298 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2dc -Pipe 264 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2fc -Pipe 290 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 26c -Pipe 2c8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 294 -Pipe 304 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2ec -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 264 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 2dc -Pipe 304 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 330 -Pipe 328 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 320 -Pipe 30c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 18c -Pipe 330 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 280 -Pipe 270 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 324 -Pipe 2f4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 328 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 338 -Pipe 18c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 320 -Pipe 334 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 34c -Pipe 31c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 354 -Pipe 328 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 0 -NGENProcess 340 -Pipe 360 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 370 -Pipe 36c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 3a8 -Pipe 3b0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 3cc -Pipe 394 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 3ac -Pipe 384 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3dc -Pipe 3e8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 3b4 -Pipe 280 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3a4 -Pipe 370 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 0 -NGENProcess 3d0 -Pipe 3c4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3e0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 3ec -Pipe 3c0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3ec -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3bc -Pipe 3b8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 3a0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3ac -Pipe 3d4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 3b8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 3d0 -Pipe 388 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3d8 -Pipe 3e4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d4 -InterruptEvent 0 -NGENProcess 1c4 -Pipe 1d0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a4 -InterruptEvent 0 -NGENProcess 298 -Pipe 2a0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 0 -NGENProcess 268 -Pipe 2bc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 2a8 -Pipe 2b0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 0 -NGENProcess 264 -Pipe 26c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 300 -Pipe 334 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 2c0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Process created: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe "C:\Users\user~1\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe" /D= Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\user\AppData\Local\Programs\Fiddler\EnableLoopback.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper "C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\user\AppData\Local\Programs\Fiddler" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://fiddler2.com/r/?Fiddler2FirstRun Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1bc -Pipe 1c8 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 0 -NGENProcess 260 -Pipe 268 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 0 -NGENProcess 270 -Pipe 278 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 280 -Pipe 288 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 290 -Pipe 298 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2dc -Pipe 264 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2fc -Pipe 290 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 26c -Pipe 2c8 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 294 -Pipe 304 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2ec -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f4 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 264 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 2dc -Pipe 304 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 330 -Pipe 328 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 320 -Pipe 30c -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 18c -Pipe 330 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 280 -Pipe 270 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 324 -Pipe 2f4 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 328 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 338 -Pipe 18c -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 320 -Pipe 334 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 34c -Pipe 31c -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 354 -Pipe 328 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 0 -NGENProcess 340 -Pipe 360 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 370 -Pipe 36c -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 3a8 -Pipe 3b0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 3cc -Pipe 394 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 3ac -Pipe 384 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3dc -Pipe 3e8 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 3b4 -Pipe 280 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3a4 -Pipe 370 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 0 -NGENProcess 3d0 -Pipe 3c4 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3e0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 3ec -Pipe 3c0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 328 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3ec -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3bc -Pipe 3b8 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 3a0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3ac -Pipe 3d4 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 3b8 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 3d0 -Pipe 388 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3d8 -Pipe 3e4 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d4 -InterruptEvent 0 -NGENProcess 1c4 -Pipe 1d0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a4 -InterruptEvent 0 -NGENProcess 298 -Pipe 2a0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 2a8 -Pipe 2b0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 0 -NGENProcess 268 -Pipe 2bc -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 0 -NGENProcess 264 -Pipe 26c -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 300 -Pipe 334 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 2c0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 --field-trial-handle=2244,i,18061082204408847072,8654867018620333004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 0 -NGENProcess 264 -Pipe 26c -Comment "NGen Worker Process"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 264 -Comment "NGen Worker Process"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ifmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mprapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasmontr.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mfc42u.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: authfwcfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwpolicyiomgr.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dhcpcmonitor.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dot3cfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dot3api.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: onex.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: eappcfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: eappprxy.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwcfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: hnetmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netshell.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netsetupapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netiohlp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: httpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshipsec.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: activeds.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: polstore.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winipsec.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: adsldpc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshwfp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: p2pnetsh.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: p2p.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rpcnsh.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: whhelper.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wlancfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wlanapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wshelper.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wevtapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: peerdistsh.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wcmapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mobilenetworking.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ktmw32.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mprmsg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ifmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mprapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasmontr.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mfc42u.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: authfwcfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwpolicyiomgr.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dhcpcmonitor.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dot3cfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dot3api.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: onex.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: eappcfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: eappprxy.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwcfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: hnetmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netshell.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netsetupapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netiohlp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: httpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshipsec.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: activeds.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: polstore.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winipsec.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: adsldpc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshwfp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: p2pnetsh.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: p2p.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rpcnsh.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: whhelper.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wlancfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wlanapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wshelper.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wevtapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: peerdistsh.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wcmapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mobilenetworking.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ktmw32.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mprmsg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: fusion.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: fusion.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Section loaded: wofutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Automated click: I Agree
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Automated click: Install
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fiddler2 Jump to behavior
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Static file information: File size 4632256 > 1048576
Source: SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: Extract: Fiddler.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\GitHub\fiddler\Fiddler2\Common\ExecAction\v4\obj\x86\Release\ExecAction.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\RulesTab2\obj\Release Signed\RulesTab2.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: SimpleFilter.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\SimpleFilter\obj\Release Signed\SimpleFilter.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Data.SqlXml.ni.pdb source: System.Data.SqlXml.dll.29.dr
Source: Binary string: C:\Jenkins\NetworkConnections_Release\workspace\src\Telerik.NetworkConnections\Telerik.NetworkConnections.Windows\obj\Release\net40\Telerik.NetworkConnections.Windows.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Jenkins\NetworkConnections_Release\workspace\src\Telerik.NetworkConnections\Telerik.NetworkConnections\obj\Release\net40\Telerik.NetworkConnections.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Telerik.NetworkConnections.dll.3.dr
Source: Binary string: \ScriptEditorFSE2.exe.configBasicFormats.dllBasicFormats.pdbVSWebTestExport.dllVSWebTestExport.pdbWarning: Failed to write one or more files. source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: BasicFormats.pdbu source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Drawing.Design.ni.pdb source: System.Drawing.Design.dll.42.dr
Source: Binary string: Extract: EnableLoopback.pdb2A source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: F:\Projects\Dot.NET\SVN\Editor.NET\source\obj\Release\QWhale.Syntax.Schemes.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Schemes.dll.3.dr
Source: Binary string: ler\Analytics.pdb\*.* source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\telerik\fiddler\ThirdParty\zopfli\Release\Zopfli.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: F:\Projects\Dot.NET\SVN\Editor.NET\source\obj\Release\QWhale.Syntax.Parsers.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.Parsers.dll0.3.dr
Source: Binary string: \??\C:\Users\user\AppData\Local\Programs\Fiddler\ImportExport\VSWebTestExport.pdb\*.* source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Numerics.ni.pdb source: System.Numerics.dll.75.dr
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\PngDistill\obj\Release Signed\PngDistill.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\EnableLoopback\obj\Release Signed\EnableLoopback.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, EnableLoopback.exe.72.dr
Source: Binary string: System.Deployment.ni.pdb source: System.Deployment.dll.31.dr
Source: Binary string: \Tools\PngDistill.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: System.Runtime.Serialization.Formatters.Soap.ni.pdbRSDS source: System.Runtime.Serialization.Formatters.Soap.dll.77.dr
Source: Binary string: Extract: FiddlerOrchestra.Addon.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \ScriptEditor\Analytics.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: System.Runtime.Caching.ni.pdbRSDS source: System.Runtime.Caching.dll.37.dr
Source: Binary string: \ImportExport\VSWebTestExport.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: \UpdateFiddler.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: \ImportExport\BasicFormats.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: \Scripts\FiddlerOrchestra.Addon.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: -: Completederik Fiddler Classicemp\nsx8D7.tmp\System.dll, 0) .r9lerxport.pdb\*.**.*kConnections.Windows.dll\*.*" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler" source: FiddlerSetup.exe, 00000003.00000002.2524271016.0000000000427000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: Extract: TrustCert.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: Timeline.pdbI source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Local\.dll.pdb source: System.Web.dll.35.dr
Source: Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: PngDistill.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JenkinsHome\jobs\AnalyticsReleaseBuild\workspace\Telerik.FJ.Analytics\GA.Analytics.Monitor\obj\Release\GA.Analytics.Monitor.pdbg source: GA.Analytics.Monitor.dll0.3.dr
Source: Binary string: System.ServiceModel.Internals.ni.pdbRSDS source: System.ServiceModel.Internals.dll.46.dr
Source: Binary string: System.Numerics.ni.pdbRSDSautg source: System.Numerics.dll.75.dr
Source: Binary string: *?|<>/":%s%S.dllCallers\user~1\AppData\Local\Temp\nsx8D7.tmp\System.dllort\VSWebTestExport.pdb\*.**.*kConnections.Windows.dll\*.*C:\Users\user~1\AppData\Local\Temp\nsx8D7.tmp\System.dll2t\VSWebTestExport.pdbdlltworkConnections.Windows.dllFalsers\user~1\AppData\Local\Temp\nsx8D7.tmpr/tasks/configurefiddler.exe"ppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"Trueers\user~1\AppData\Local\Temp\nsx8D7.tmp\System.dlltor\FSE2.exe source: FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: Qcddler.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Drawing.Design.pdb source: System.Drawing.Design.dll.42.dr
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\Timeline\obj\Release Signed\Timeline.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, Timeline.dll.3.dr
Source: Binary string: FiddlerOrchestra.Protocol.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp, FiddlerOrchestra.Protocol.dll.3.dr
Source: Binary string: System.Numerics.pdb source: System.Numerics.dll.75.dr
Source: Binary string: SWebTestExport.pdbllx source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000064A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\BasicFormats\obj\Release Signed\BasicFormats.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: FiddlerOrchestra.Protocol.pdbSHA256q source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp, FiddlerOrchestra.Protocol.dll.3.dr
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler\FiddlerOrchestra\FiddlerOrchestra.Addon\obj\Release\FiddlerOrchestra.Addon.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: EnableLoopback.ni.pdbRSDS source: EnableLoopback.exe.72.dr
Source: Binary string: System.ServiceModel.Internals.pdb source: System.ServiceModel.Internals.dll.46.dr
Source: Binary string: \Analytics.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: System.Data.SqlXml.ni.pdbRSDS2 source: System.Data.SqlXml.dll.29.dr
Source: Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\net45\Newtonsoft.Json.pdb source: Newtonsoft.Json.dll.3.dr
Source: Binary string: System.EnterpriseServices.Wrapper.ni.pdb source: System.EnterpriseServices.Wrapper.dll.36.dr
Source: Binary string: Extract: Analytics.pdbb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Caching.pdb source: System.Runtime.Caching.dll.37.dr
Source: Binary string: \Scripts\Timeline.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: System.ServiceModel.Internals.ni.pdb source: System.ServiceModel.Internals.dll.46.dr
Source: Binary string: \ScriptEditor\GA.Analytics.Monitor.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: F:\Projects\Dot.NET\SVN\Editor.NET\source\obj\Release\QWhale.Syntax.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, QWhale.Syntax.dll.3.dr
Source: Binary string: Extract: Analytics.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Fiddler.pdb source: Fiddler.exe.3.dr
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\VSWebTestExport\obj\Release Signed\VSWebTestExport.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.EnterpriseServices.Wrapper.ni.pdbRSDS source: System.EnterpriseServices.Wrapper.dll.36.dr
Source: Binary string: \GA.Analytics.Monitor.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: F:\Projects\Dot.NET\SVN\Editor.NET\source\obj\Release\QWhale.Editor.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, QWhale.Editor.dll1.3.dr
Source: Binary string: \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003port\VSWebTestExport.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Programs\Fiddler\ImportExport\VSWebTestExport.pdb\*.*Ii source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.EnterpriseServices.Wrapper.pdb source: System.EnterpriseServices.Wrapper.dll.36.dr
Source: Binary string: \Fiddler.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: Would you like to go download manually now?https://fiddler2.com/r/?GetDotNet4open https://fiddler2.com/r/?GetDotNet4Compatible .NET Framework/Service Pack found.Installing Progress Telerik Fiddler Classic2500Fiddler.exe.configFiddler.pdbSetupHelperTrustCert.exeTrustCert.pdbInstalling Dependencies... source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \EnableLoopback.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: FiddlerOrchestra.Connection.pdbSHA256' source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \TrustCert.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: C:\JenkinsHome\jobs\AnalyticsReleaseBuild\workspace\Telerik.FJ.Analytics\GA.Analytics.Monitor\obj\Release\GA.Analytics.Monitor.pdb source: GA.Analytics.Monitor.dll0.3.dr
Source: Binary string: \Inspectors\Be.Windows.Forms.HexBox.dllAnalytics.dllAnalytics.pdbGA.Analytics.Monitor.dllGA.Analytics.Monitor.pdbNewtonsoft.Json.dllDotNetZip.dll source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Deployment.ni.pdbRSDS source: System.Deployment.dll.31.dr
Source: Binary string: F:\Projects\Dot.NET\SVN\Editor.NET\source\obj\Release\QWhale.Common.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.00000000027DA000.00000004.00000020.00020000.00000000.sdmp, QWhale.Common.dll.3.dr, QWhale.Common.dll0.3.dr
Source: Binary string: EnableLoopback.ni.pdb source: EnableLoopback.exe.72.dr
Source: Binary string: FiddlerOrchestra.Utilities.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp, FiddlerOrchestra.Utilities.dll.3.dr
Source: Binary string: System.Deployment.pdb source: System.Deployment.dll.31.dr
Source: Binary string: EnableLoopback.exeEnableLoopback.pdbApp.icoCountdown.wavLoadScript.wavLoadScriptError.wavNOTICES.txtScreenshot.wavcredits.txtsaz.ico source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: GA.Analytics.Monitor.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Serialization.Formatters.Soap.pdb source: System.Runtime.Serialization.Formatters.Soap.dll.77.dr
Source: Binary string: System.Drawing.Design.ni.pdbRSDS source: System.Drawing.Design.dll.42.dr
Source: Binary string: MakeCert.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\src\JPEGXR2PNG\JPEGXR2PNG\obj\Release\JXR2PNG.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, JXR2PNG.exe.3.dr
Source: Binary string: FiddlerOrchestra.Connection.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Data.SqlXml.pdb source: System.Data.SqlXml.dll.29.dr
Source: Binary string: \ToolsPngDistill.exePngDistill.pdbInstalling FiddlerExtensions...SimpleFilter.dllSimpleFilter.pdbTimeline.dllTimeline.pdbRulesTab2.dllQWhale.Syntax.Parsers.dllInstalling Fiddler Orchestra addon...FiddlerOrchestra.Addon.dllFiddlerOrchestra.Addon.pdbFiddlerOrchestra.Connection.dllFiddlerOrchestra.Protocol.dllFiddlerOrchestra.Utilities.dllnetstandard.dll source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Caching.ni.pdb source: System.Runtime.Caching.dll.37.dr
Source: Binary string: Extract: VSWebTestExport.pdb1 source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \Scripts\SimpleFilter.pdb source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp
Source: Binary string: FiddlerOrchestra.Utilities.pdbSHA256 source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp, FiddlerOrchestra.Utilities.dll.3.dr
Source: Binary string: System.Runtime.Serialization.Formatters.Soap.ni.pdb source: System.Runtime.Serialization.Formatters.Soap.dll.77.dr
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\BundledExtensions\BasicFormats\obj\Release Signed\BasicFormats.pdbl source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002ADB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\GA.Analytics.Monitor.pdb source: FiddlerSetup.exe, 00000003.00000002.2525824876.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fiddler-classic\fiddler-classic\Fiddler2\Fiddler.SetupHelper\obj\Release Signed\Fiddler.SetupHelper.pdb source: SetupHelper, 00000013.00000000.1360771425.0000000000772000.00000002.00000001.01000000.0000000A.sdmp, SetupHelper.3.dr
Binary contains a suspicious time stamp
Source: Newtonsoft.Json.dll.3.dr Static PE information: 0xAB33B375 [Fri Jan 7 02:56:53 2061 UTC]
PE file contains sections with non-standard names
Source: Brotli.exe.3.dr Static PE information: section name: .eh_fram
Source: DotNetZip.dll.3.dr Static PE information: section name: .text entropy: 6.825415353860575
Drops PE files
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c0c-0\Microsoft.Build.Utilities.v4.0.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1cd8-0\System.Data.SqlXml.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1280-0\System.Web.RegularExpressions.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bb0-0\System.EnterpriseServices.Wrapper.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\Brotli.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Connection.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\QWhale.Syntax.Schemes.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#\70bed732cba41d298e54cc0a935a935b\System.ComponentModel.DataAnnotations.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\GA.Analytics.Monitor.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c68-0\System.Deployment.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\Standard.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\QWhale.Syntax.Parsers.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\RulesTab2.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\59a1f5e7ac4b0e905803332438ede0a4\EnableLoopback.ni.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\netstandard.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe File created: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Addon.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1edc-0\Microsoft.Build.Framework.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\Analytics.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\8e9f4b8ba90f0dd7ead0f6d3724d12f0\Microsoft.JScript.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data86569bbf#\058b5c6d514044e05b07d4b113045f72\System.Data.OracleClient.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\dwebp.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11ac-0\EnableLoopback.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Utilities.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c44-0\System.Deployment.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Plugins\NetworkConnections\Telerik.NetworkConnections.Windows.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\FSE2.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bb0-0\System.EnterpriseServices.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\0bc179a6f5376dabed45d64773e7a963\System.Web.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\QWhale.Editor.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\cbb85b2c3ecfe129570a8c187041de31\System.EnterpriseServices.Wrapper.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ce1e4670373608336100bea63bbc8990\System.Numerics.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ForceCPU.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dire5d62f0a2#\a2886f8a05c8adae3050b95af3970e92\System.DirectoryServices.Protocols.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\EnableLoopback.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1958-0\System.ComponentModel.DataAnnotations.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\QWhale.Syntax.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#\b5d4608754b2d1d4f1d2d3c00cbcdfe0\System.Runtime.Caching.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\cbb85b2c3ecfe129570a8c187041de31\System.EnterpriseServices.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c30-0\System.Data.SqlXml.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\SimpleFilter.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47\System.Data.SqlXml.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Design\e6264fe3334740cf9e7da3afc7d524cc\System.Design.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1e44-0\System.Security.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\QWhale.Common.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\SyntaxView.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\TrustCert.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\PngDistill.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\780-0\System.Runtime.Caching.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ImportExport\BasicFormats.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\240-0\SMDiagnostics.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ExecAction.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Editor.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Analytics.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a58-0\System.DirectoryServices.Protocols.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\1936f2ecbcf18cda53f04b49073cf801\SMDiagnostics.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1454-0\System.Numerics.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1408-0\System.Drawing.Design.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b64-0\System.ServiceModel.Internals.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b\System.Deployment.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\QWhale.Editor.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c\System.Security.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1cec-0\System.Security.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b18-0\System.Web.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\Timeline.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Draw0a54d252#\1add9b3a6e41e9922f7c95ebd442ed4e\System.Drawing.Design.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.8dc504e4#\51cf3243e3f9124c32bc8614b4bcda4e\System.Web.ApplicationServices.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Be.Windows.Forms.HexBox.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\JXR2PNG.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ImportExport\VSWebTestExport.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Common.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Protocol.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\QWhale.Common.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1260-0\System.Design.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.Parsers.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b#\3f8d7f63514ceeaa11244b3e16a3ea5c\Microsoft.Build.Framework.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1f24-0\System.Runtime.Serialization.Formatters.Soap.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1090-0\System.Data.OracleClient.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\604-0\System.Web.ApplicationServices.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\QWhale.Syntax.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsx8D7.tmp\System.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53#\7192d8df2c3d8228b392f5912e16ebc2\Microsoft.Build.Utilities.v4.0.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\DotNetZip.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\aa6a3ae1d00b1eb221bba5375e6387b1\System.ServiceModel.Internals.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\172c-0\System.Runtime.Serialization.Formatters.Soap.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\uninst.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\744-0\Microsoft.JScript.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\Zopfli.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\makecert.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.82d5542b#\9c63130543c9d395491387159924bf83\System.Web.RegularExpressions.ni.dll (copy) Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c0c-0\Microsoft.Build.Utilities.v4.0.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1cd8-0\System.Data.SqlXml.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a58-0\System.DirectoryServices.Protocols.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1280-0\System.Web.RegularExpressions.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bb0-0\System.EnterpriseServices.Wrapper.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\1936f2ecbcf18cda53f04b49073cf801\SMDiagnostics.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#\70bed732cba41d298e54cc0a935a935b\System.ComponentModel.DataAnnotations.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1454-0\System.Numerics.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c68-0\System.Deployment.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1408-0\System.Drawing.Design.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b64-0\System.ServiceModel.Internals.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b\System.Deployment.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\59a1f5e7ac4b0e905803332438ede0a4\EnableLoopback.ni.exe (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c\System.Security.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1cec-0\System.Security.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1edc-0\Microsoft.Build.Framework.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b18-0\System.Web.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\8e9f4b8ba90f0dd7ead0f6d3724d12f0\Microsoft.JScript.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data86569bbf#\058b5c6d514044e05b07d4b113045f72\System.Data.OracleClient.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Draw0a54d252#\1add9b3a6e41e9922f7c95ebd442ed4e\System.Drawing.Design.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.8dc504e4#\51cf3243e3f9124c32bc8614b4bcda4e\System.Web.ApplicationServices.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11ac-0\EnableLoopback.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c44-0\System.Deployment.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bb0-0\System.EnterpriseServices.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\0bc179a6f5376dabed45d64773e7a963\System.Web.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1260-0\System.Design.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\cbb85b2c3ecfe129570a8c187041de31\System.EnterpriseServices.Wrapper.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ce1e4670373608336100bea63bbc8990\System.Numerics.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b#\3f8d7f63514ceeaa11244b3e16a3ea5c\Microsoft.Build.Framework.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1f24-0\System.Runtime.Serialization.Formatters.Soap.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dire5d62f0a2#\a2886f8a05c8adae3050b95af3970e92\System.DirectoryServices.Protocols.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1958-0\System.ComponentModel.DataAnnotations.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1090-0\System.Data.OracleClient.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\604-0\System.Web.ApplicationServices.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#\b5d4608754b2d1d4f1d2d3c00cbcdfe0\System.Runtime.Caching.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\cbb85b2c3ecfe129570a8c187041de31\System.EnterpriseServices.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c30-0\System.Data.SqlXml.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47\System.Data.SqlXml.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53#\7192d8df2c3d8228b392f5912e16ebc2\Microsoft.Build.Utilities.v4.0.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\aa6a3ae1d00b1eb221bba5375e6387b1\System.ServiceModel.Internals.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\172c-0\System.Runtime.Serialization.Formatters.Soap.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Design\e6264fe3334740cf9e7da3afc7d524cc\System.Design.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1e44-0\System.Security.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\744-0\Microsoft.JScript.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\780-0\System.Runtime.Caching.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.82d5542b#\9c63130543c9d395491387159924bf83\System.Web.RegularExpressions.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\240-0\SMDiagnostics.dll Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SetupHelper.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Local\Programs\Fiddler\license.txt Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiddler Classic.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiddler ScriptEditor.lnk Jump to behavior
Stores large binary data to the registry
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\C:/Users/user/AppData/Local/Programs/Fiddler/Fiddler.exe\0 ImageList Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion
barindex
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: ngen.exe, 00000010.00000002.1781061494.000000B8E30FC000.00000004.00000010.00020000.00000000.sdmp, ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:53.967 [7260]: 1>ERROR COMPILING C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE: AN ATTEMPT WAS MADE TO LOAD A PROGRAM WITH AN INCORRECT FORMAT. (EXCEPTION FROM HRESULT: 0X8007000B)
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp Binary or memory string: \FIDDLER.EXE.CONFIG
Source: ngen.exe, 00000010.00000002.1781773161.000002808A9A0000.00000004.00000020.00020000.00000000.sdmp, ngen.exe, 00000010.00000002.1781651881.000002808A8F0000.00000004.00000020.00020000.00000000.sdmp, ngen.exe, 00000010.00000002.1781773161.000002808A9A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXEINSTALLC:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:47.754 [7260]: 1>WARNING: SYSTEM.BADIMAGEFORMATEXCEPTION: [C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE] INVALID TYPEREF TOKEN. WHILE RESOLVING 0X1000304 - .
Source: ngen.exe, 00000010.00000002.1781969633.000002808AA0E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SYSTEM.CORE, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089S\FIDDLER\FIDDLER.EXE
Source: Fiddler.exe.3.dr Binary or memory string: INTERNALNAMEFIDDLER.EXE
Source: ngen.exe, 00000010.00000002.1781773161.000002808A9B5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXEINSTALLC:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXEUU
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:26.385 [7260]: 1>WARNING: SYSTEM.BADIMAGEFORMATEXCEPTION: [C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE] INVALID TYPEREF TOKEN. WHILE RESOLVING 0X10002FA - .
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \FIDDLER.EXE"INSTALL "
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.00000000005DC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: EXTRACT: FIDDLER.EXES
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \FIDDLER.EXE" -VIEWER "%1"KERNEL32::GETCURRENTPROCESS()P.SKERNEL32::ISWOW64PROCESS2(PS,*I0S,*I)|KERNEL32::ISWOW64PROCESS(P-1,*I0S)INT64OPWRITE X64 HKLM KEYS9999UPDATEPENDINGSOFTWARE\MICROSOFT\FIDDLER2\PREFS\.DEFAULTFIDDLER.UI.LASTVIEWSOFTWARE\MICROSOFT\FIDDLER2\UIFRMVIEWER_WSTATEJSEDITORNOTEPAD.EXE
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \FIDDLER.EXE -STARTEDBYUPDATE3000
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:38.603 [7260]: 1> COMPILING ASSEMBLY C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE (CLR V4.0.30319) ...
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:21.848 [7260]: 1> COMPILING ASSEMBLY C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE (CLR V4.0.30319) ...
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp, Fiddler.exe.3.dr Binary or memory string: FIDDLER.EXE
Source: ngen.exe, 00000010.00000002.1782052183.000002808AA21000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSTALLING ASSEMBLY C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE BECAUSE OF AN ERROR DURING COMPILATION: AN ATTEMPT WAS MADE TO LOAD A PROGRAM WITH AN INCORRECT FORMAT. (EXCEPTION FROM HRESULT: 0X8007000B)
Source: ngen.exe, 00000010.00000002.1782052183.000002808AA21000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ERROR COMPILING C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE: AN ATTEMPT WAS MADE TO LOAD A PROGRAM WITH AN INCORRECT FORMAT. (EXCEPTION FROM HRESULT: 0X8007000B)
Source: ngen.exe, 00000010.00000002.1781773161.000002808A9B5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXEFIDDLER\FIDDLER.EXE
Source: ngen.exe, 00000010.00000002.1781773161.000002808A9A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE" INSTALL "C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE"Q
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \FIDDLER.EXE
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \FIDDLER.EXE" -NOATTACH "%1"SOFTWARE\CLASSES\FIDDLER.ARCHIVEZIP\SHELL\OPEN &IN VIEWER\COMMAND"
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: EXTRACT: FIDDLER.EXE.CONFIG
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp Binary or memory string: \FIDDLER.EXEWAITING FOR PROGRESS TELERIK FIDDLER CLASSIC COMPONENT TO CLOSE ITSELF AUTOMATICALLY...500A PROGRESS TELERIK FIDDLER CLASSIC COMPONENT APPEARS TO BE RUNNING.
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp Binary or memory string: \FIDDLER.EXE" ACTION=ALLOW PROFILE=ANY DIR=IN EDGE=DEFERUSER PROTOCOL=TCP DESCRIPTION="PERMIT INBOUND CONNECTIONS TO FIDDLER"UNINSTALLSOFTWARE\MICROSOFT\FIDDLER2\INSTALLERSETTINGSKERNEL32::GETCURRENTPROCESS()P.SKERNEL32::ISWOW64PROCESS2(PS,*I0S,*I)|KERNEL32::ISWOW64PROCESS(P-1,*I0S)INT64OPSHOULD I DELETE ALL PROGRESS TELERIK FIDDLER CLASSIC-RELATED SETTINGS?
Source: ngen.exe, 00000010.00000002.1781773161.000002808A9A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE"C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE" INSTALL "C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE"C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXEWINSTA0\DEFAULT
Source: ngen.exe, 00000010.00000002.1781773161.000002808A9A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE" INSTALL "C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE"
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002718000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: NOTE: THIS TOOL WILL INVALIDATE THE AUTHENTICODE DIGITAL SIGNATUREUON FIDDLER.EXE, WHICH IS GENERALLY HARMLESS, BUT MAY CAUSE;FIREWALL OR ANTIVIRUS ALERTS.Q
Source: ngen.exe, 00000010.00000002.1781061494.000000B8E30FC000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: \LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE:
Source: ngen.exe, 00000010.00000002.1781773161.000002808A9A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:36.785 [7260]: 1>NGEN FAILED TO GENERATE NATIVE CODE FOR IMAGE C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE BECAUSE OF THE FOLLOWING ERROR: AN ATTEMPT WAS MADE TO LOAD A PROGRAM WITH AN INCORRECT FORMAT. (EXCEPTION FROM HRESULT: 0X8007000B)
Source: ngen.exe, 00000010.00000002.1781969633.000002808AA0E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE (CLR V4.0.30319)C951077A5C561934E089
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:47.520 [7260]: 1>WARNING: SYSTEM.BADIMAGEFORMATEXCEPTION: [C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE] INVALID TYPEREF TOKEN. WHILE RESOLVING 0X10002FA - .
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:18.050 [7260]: COMMAND LINE: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE INSTALL C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE
Source: ngen.exe, 00000010.00000002.1782052183.000002808AA21000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ZC:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXEEUTRAL, PUBLICKEYTOKEN=B03F5F7F11D50A3A (CLR V4.0.30319)
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp Binary or memory string: \UPDATEFIDDLER.EXE
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:26.629 [7260]: 1>WARNING: SYSTEM.BADIMAGEFORMATEXCEPTION: [C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE] INVALID TYPEREF TOKEN. WHILE RESOLVING 0X1000304 - .
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:53.998 [7260]: 1>UNINSTALLING ASSEMBLY C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE BECAUSE OF AN ERROR DURING COMPILATION: AN ATTEMPT WAS MADE TO LOAD A PROGRAM WITH AN INCORRECT FORMAT. (EXCEPTION FROM HRESULT: 0X8007000B)
Source: ngen.exe, 00000010.00000002.1782052183.000002808AA21000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1>ERROR COMPILING C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE: AN ATTEMPT WAS MADE TO LOAD A PROGRAM WITH AN INCORRECT FORMAT. (EXCEPTION FROM HRESULT: 0X8007000B)
Source: ngen.exe, 00000010.00000002.1781773161.000002808A9D1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: EN-GBENEN-USSK/APPDATA/LOCAL/PROGRAMS/FIDDLER/FIDDLER.EXE
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WOULD YOU LIKE TO GO DOWNLOAD MANUALLY NOW?HTTPS://FIDDLER2.COM/R/?GETDOTNET4OPEN HTTPS://FIDDLER2.COM/R/?GETDOTNET4COMPATIBLE .NET FRAMEWORK/SERVICE PACK FOUND.INSTALLING PROGRESS TELERIK FIDDLER CLASSIC2500FIDDLER.EXE.CONFIGFIDDLER.PDBSETUPHELPERTRUSTCERT.EXETRUSTCERT.PDBINSTALLING DEPENDENCIES...
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:36.832 [7260]: 1>NGEN WILL RETRY COMPILATION OF IMAGE C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp, ngen.exe, 00000010.00000002.1781773161.000002808A9D1000.00000004.00000020.00020000.00000000.sdmp, ngen.exe, 00000010.00000002.1781773161.000002808A9A0000.00000004.00000020.00020000.00000000.sdmp, ngen.exe, 00000010.00000002.1781773161.000002808A9B5000.00000004.00000020.00020000.00000000.sdmp, ngen.exe, 00000010.00000002.1781651881.000002808A8F0000.00000004.00000020.00020000.00000000.sdmp, ngen.exe, 00000010.00000002.1781773161.000002808A9A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE
Source: FiddlerSetup.exe, 00000003.00000002.2527704098.0000000002D70000.00000004.00000020.00020000.00000000.sdmp, FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp Binary or memory string: \FIDDLER.EXE"UNINSTALL "
Source: FiddlerSetup.exe, 00000003.00000002.2525824876.0000000000578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \FIDDLER.EXE" ACTION=ALLOW PROFILE=ANY DIR=IN EDGE=DEFERUSER PROTOCOL=TCP DESCRIPTION="PERMIT INBOUND CONNECTIONS TO FIDDLER"FIDDLER.EXEWAITING FOR PROGRESS TELERIK FIDDLER CLASSIC COMPONENT TO CLOSE ITSELF AUTOMATICALLY...500A PROGRESS TELERIK FIDDLER CLASSIC COMPONENT APPEARS TO BE RUNNING.
Source: ngen.exe, 00000010.00000002.1781773161.000002808A9A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXEINSTALLC:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE""
Source: FiddlerSetup.exe, 00000003.00000002.2524271016.000000000040A000.00000004.00000001.01000000.00000004.sdmp Binary or memory string: *?|<>/":%S%S.DLLCALLERS\user~1\APPDATA\LOCAL\TEMP\NSX8D7.TMP\SYSTEM.DLLORT\VSWEBTESTEXPORT.PDB\*.**.*KCONNECTIONS.WINDOWS.DLL\*.*C:\USERS\user~1\APPDATA\LOCAL\TEMP\NSX8D7.TMP\SYSTEM.DLL2T\VSWEBTESTEXPORT.PDBDLLTWORKCONNECTIONS.WINDOWS.DLLFALSERS\user~1\APPDATA\LOCAL\TEMP\NSX8D7.TMPR/TASKS/CONFIGUREFIDDLER.EXE"PPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE" ACTION=ALLOW PROFILE=ANY DIR=IN EDGE=DEFERUSER PROTOCOL=TCP DESCRIPTION="PERMIT INBOUND CONNECTIONS TO FIDDLER"TRUEERS\user~1\APPDATA\LOCAL\TEMP\NSX8D7.TMP\SYSTEM.DLLTOR\FSE2.EXE
Source: ngen.exe, 00000010.00000002.1781969633.000002808AA0E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: UNINSTALLING ASSEMBLY C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE BECAUSE OF AN ERROR DURING COMPILATION: AN ATTEMPT WAS MADE TO LOAD A PROGRAM WITH AN INCORRECT FORMAT. (EXCEPTION FROM HRESULT: 0X8007000B)
Source: Fiddler.exe.3.dr Binary or memory string: ORIGINALFILENAMEFIDDLER.EXE0
Source: ngen.log.18.dr Binary or memory string: 04/24/2024 01:29:36.724 [7260]: 1>ERROR COMPILING C:\USERS\user\APPDATA\LOCAL\PROGRAMS\FIDDLER\FIDDLER.EXE: AN ATTEMPT WAS MADE TO LOAD A PROGRAM WITH AN INCORRECT FORMAT. (EXCEPTION FROM HRESULT: 0X8007000B)
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Memory allocated: 2850000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Memory allocated: 2A60000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Memory allocated: 28B0000 memory reserve | memory write watch Jump to behavior
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Found dropped PE file which has not been started or loaded
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c0c-0\Microsoft.Build.Utilities.v4.0.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1cd8-0\System.Data.SqlXml.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ExecAction.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Editor.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a58-0\System.DirectoryServices.Protocols.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Analytics.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1280-0\System.Web.RegularExpressions.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\1936f2ecbcf18cda53f04b49073cf801\SMDiagnostics.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bb0-0\System.EnterpriseServices.Wrapper.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\Brotli.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Connection.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\QWhale.Syntax.Schemes.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#\70bed732cba41d298e54cc0a935a935b\System.ComponentModel.DataAnnotations.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1454-0\System.Numerics.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c68-0\System.Deployment.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\GA.Analytics.Monitor.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\Standard.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\QWhale.Syntax.Parsers.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b64-0\System.ServiceModel.Internals.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1408-0\System.Drawing.Design.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\RulesTab2.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b\System.Deployment.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\59a1f5e7ac4b0e905803332438ede0a4\EnableLoopback.ni.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\netstandard.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c\System.Security.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\QWhale.Editor.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1cec-0\System.Security.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Addon.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1edc-0\Microsoft.Build.Framework.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b18-0\System.Web.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\Analytics.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data86569bbf#\058b5c6d514044e05b07d4b113045f72\System.Data.OracleClient.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\8e9f4b8ba90f0dd7ead0f6d3724d12f0\Microsoft.JScript.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\dwebp.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Draw0a54d252#\1add9b3a6e41e9922f7c95ebd442ed4e\System.Drawing.Design.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\Timeline.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.8dc504e4#\51cf3243e3f9124c32bc8614b4bcda4e\System.Web.ApplicationServices.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Be.Windows.Forms.HexBox.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\JXR2PNG.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11ac-0\EnableLoopback.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ImportExport\VSWebTestExport.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Utilities.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Common.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\FiddlerOrchestra.Protocol.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c44-0\System.Deployment.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Plugins\NetworkConnections\Telerik.NetworkConnections.Windows.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\QWhale.Common.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\FSE2.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\0bc179a6f5376dabed45d64773e7a963\System.Web.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bb0-0\System.EnterpriseServices.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1260-0\System.Design.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\QWhale.Editor.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\cbb85b2c3ecfe129570a8c187041de31\System.EnterpriseServices.Wrapper.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.Parsers.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ce1e4670373608336100bea63bbc8990\System.Numerics.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b#\3f8d7f63514ceeaa11244b3e16a3ea5c\Microsoft.Build.Framework.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1f24-0\System.Runtime.Serialization.Formatters.Soap.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ForceCPU.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dire5d62f0a2#\a2886f8a05c8adae3050b95af3970e92\System.DirectoryServices.Protocols.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\EnableLoopback.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1958-0\System.ComponentModel.DataAnnotations.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1090-0\System.Data.OracleClient.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\QWhale.Syntax.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\604-0\System.Web.ApplicationServices.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#\b5d4608754b2d1d4f1d2d3c00cbcdfe0\System.Runtime.Caching.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\cbb85b2c3ecfe129570a8c187041de31\System.EnterpriseServices.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c30-0\System.Data.SqlXml.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\QWhale.Syntax.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Scripts\SimpleFilter.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47\System.Data.SqlXml.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53#\7192d8df2c3d8228b392f5912e16ebc2\Microsoft.Build.Utilities.v4.0.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx8D7.tmp\System.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\172c-0\System.Runtime.Serialization.Formatters.Soap.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\aa6a3ae1d00b1eb221bba5375e6387b1\System.ServiceModel.Internals.ni.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\DotNetZip.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Design\e6264fe3334740cf9e7da3afc7d524cc\System.Design.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1e44-0\System.Security.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\QWhale.Common.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\uninst.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\744-0\Microsoft.JScript.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Inspectors\SyntaxView.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\Zopfli.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\TrustCert.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\Tools\PngDistill.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\makecert.exe Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.82d5542b#\9c63130543c9d395491387159924bf83\System.Web.RegularExpressions.ni.dll (copy) Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\780-0\System.Runtime.Caching.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Fiddler\ImportExport\BasicFormats.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\240-0\SMDiagnostics.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper TID: 7456 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7540 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 1916 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7708 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 2520 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7532 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 4240 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 3028 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7116 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 2404 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 4716 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7440 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 3268 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7372 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 4348 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 5088 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 5664 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 6352 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 6160 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7308 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 6812 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 4256 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7332 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 6488 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7352 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 8104 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7308 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 5664 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7312 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 5144 Thread sleep time: -922337203685477s >= -30000s
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File Volume queried: C:\Users\user\AppData\Local FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File Volume queried: C:\Users\user\AppData\Local FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_0040687E FindFirstFileW,FindClose, 1_2_0040687E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_00405C2D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 1_2_00405C2D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_00402910 FindFirstFileW, 1_2_00402910
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Code function: 3_2_00402910 FindFirstFileW, 3_2_00402910
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Code function: 3_2_004069DF FindFirstFileW,FindClose, 3_2_004069DF
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Code function: 3_2_00405D8E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 3_2_00405D8E
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user\AppData\Local\Programs\Fiddler\ScriptEditor Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user\AppData\Local\Programs\Fiddler Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\user\AppData\Local\Programs\Fiddler\EnableLoopback.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://fiddler2.com/r/?Fiddler2FirstRun Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1bc -Pipe 1c8 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 0 -NGENProcess 260 -Pipe 268 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 0 -NGENProcess 270 -Pipe 278 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 280 -Pipe 288 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 290 -Pipe 298 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2dc -Pipe 264 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2fc -Pipe 290 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 26c -Pipe 2c8 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 294 -Pipe 304 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2ec -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f4 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 264 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 2dc -Pipe 304 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 330 -Pipe 328 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 320 -Pipe 30c -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 18c -Pipe 330 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 280 -Pipe 270 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 324 -Pipe 2f4 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 328 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 338 -Pipe 18c -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 320 -Pipe 334 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 34c -Pipe 31c -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 354 -Pipe 328 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 0 -NGENProcess 340 -Pipe 360 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 370 -Pipe 36c -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 3a8 -Pipe 3b0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 3cc -Pipe 394 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 3ac -Pipe 384 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3dc -Pipe 3e8 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 3b4 -Pipe 280 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3a4 -Pipe 370 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 0 -NGENProcess 3d0 -Pipe 3c4 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3e0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 3ec -Pipe 3c0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 328 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3ec -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3bc -Pipe 3b8 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 3a0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3ac -Pipe 3d4 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 3b8 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 3d0 -Pipe 388 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3d8 -Pipe 3e4 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d4 -InterruptEvent 0 -NGENProcess 1c4 -Pipe 1d0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a4 -InterruptEvent 0 -NGENProcess 298 -Pipe 2a0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 2a8 -Pipe 2b0 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 0 -NGENProcess 268 -Pipe 2bc -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 0 -NGENProcess 264 -Pipe 26c -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 300 -Pipe 334 -Comment "NGen Worker Process" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 2c0 -Comment "NGen Worker Process" Jump to behavior
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\SysWOW64\netsh.exe "c:\windows\system32\netsh.exe" advfirewall firewall add rule name="fiddlerproxy" program="c:\users\user\appdata\local\programs\fiddler\fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="permit inbound connections to fiddler"
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\SysWOW64\netsh.exe "c:\windows\system32\netsh.exe" advfirewall firewall add rule name="fiddlerproxy" program="c:\users\user\appdata\local\programs\fiddler\fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="permit inbound connections to fiddler" Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\SetupHelper VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\DotNetZip.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Analytics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\DotNetZip.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Analytics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\DotNetZip.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\Analytics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\EnableLoopback.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Fiddler\EnableLoopback.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe Code function: 1_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 1_2_004034FC

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Modifies the windows firewall
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"
Uses netsh to modify the Windows network and firewall settings
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsiE437.tmp\FiddlerSetup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected PureLog Stealer
Source: Yara match File source: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\nsoE58F.tmp, type: DROPPED
Yara detected zgRAT
Source: Yara match File source: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe, type: DROPPED

Remote Access Functionality
barindex
Yara detected PureLog Stealer
Source: Yara match File source: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\nsoE58F.tmp, type: DROPPED
Yara detected zgRAT
Source: Yara match File source: C:\Users\user\AppData\Local\Programs\Fiddler\Fiddler.exe, type: DROPPED
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1430644 Sample: SecuriteInfo.com.Trojan.MSI... Startdate: 24/04/2024 Architecture: WINDOWS Score: 40 88 Malicious sample detected (through community Yara rule) 2->88 90 Yara detected PureLog Stealer 2->90 92 Yara detected zgRAT 2->92 94 2 other signatures 2->94 9 SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe 17 2->9         started        process3 file4 48 C:\Users\user\AppData\...\FiddlerSetup.exe, PE32 9->48 dropped 12 FiddlerSetup.exe 38 135 9->12         started        process5 file6 68 C:\Users\user\AppData\Local\...\Fiddler.exe, PE32 12->68 dropped 70 C:\Users\user\AppData\Local\...\nsoE58F.tmp, data 12->70 dropped 72 C:\Users\user\AppData\Local\...\System.dll, PE32 12->72 dropped 74 46 other files (none is malicious) 12->74 dropped 96 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 12->96 98 Uses netsh to modify the Windows network and firewall settings 12->98 100 Modifies the windows firewall 12->100 16 ngen.exe 5 4 12->16         started        19 ngen.exe 5 4 12->19         started        21 chrome.exe 12->21         started        24 3 other processes 12->24 signatures7 process8 dnsIp9 86 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 16->86 26 mscorsvw.exe 16->26         started        29 mscorsvw.exe 16->29         started        31 mscorsvw.exe 16->31         started        40 41 other processes 16->40 33 mscorsvw.exe 19->33         started        35 mscorsvw.exe 19->35         started        42 6 other processes 19->42 76 192.168.2.7, 123, 138, 443 unknown unknown 21->76 78 239.255.255.250 unknown Reserved 21->78 37 chrome.exe 21->37         started        44 3 other processes 24->44 signatures10 process11 dnsIp12 50 C:\Windows\...\System.EnterpriseServices.dll, PE32+ 26->50 dropped 54 3 other files (none is malicious) 26->54 dropped 56 2 other files (none is malicious) 29->56 dropped 58 2 other files (none is malicious) 31->58 dropped 60 2 other files (none is malicious) 33->60 dropped 62 2 other files (none is malicious) 35->62 dropped 80 s.twitter.com 104.244.42.131, 443, 49927, 49928 TWITTERUS United States 37->80 82 t.co 104.244.42.69, 443, 49924, 49925 TWITTERUS United States 37->82 84 64 other IPs or domains 37->84 52 C:\...\Microsoft.Build.Utilities.v4.0.dll, PE32+ 40->52 dropped 64 31 other files (none is malicious) 40->64 dropped 46 conhost.exe 40->46         started        66 4 other files (none is malicious) 42->66 dropped file13 process14
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
192.29.11.142
 p01f.t.eloqua.com United States
31898 ORACLE-BMC-31898US false
3.211.190.76
 geo.qualaroo.com United States
14618 AMAZON-AESUS false
18.65.25.57
 static-cdn.hotjar.com United States
3 MIT-GATEWAYSUS false
52.252.156.53
 api.insight.sitefinity.com United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
18.65.25.14
 d2no1x7oj2rkdb.cloudfront.net United States
3 MIT-GATEWAYSUS false
74.125.137.156
 td.doubleclick.net United States
15169 GOOGLEUS false
34.240.56.220
 unknown United States
16509 AMAZON-02US false
50.56.19.116
 fiddler2.com United States
19994 RACKSPACEUS false
104.18.32.137
 privacyportal.onetrust.com United States
13335 CLOUDFLARENETUS false
108.139.9.18
 d585tldpucybw.cloudfront.net United States
16509 AMAZON-02US false
142.250.141.106
 unknown United States
15169 GOOGLEUS false
142.250.141.104
 unknown United States
15169 GOOGLEUS false
50.56.19.112
 telerik.com United States
19994 RACKSPACEUS false
13.226.251.88
 d6vtbcy3ong79.cloudfront.net United States
16509 AMAZON-02US false
142.251.2.156
 stats.g.doubleclick.net United States
15169 GOOGLEUS false
142.251.2.155
 googleads.g.doubleclick.net United States
15169 GOOGLEUS false
31.13.70.36
 star-mini.c10r.facebook.com Ireland
32934 FACEBOOKUS false
52.200.154.95
 q.quora.com United States
14618 AMAZON-AESUS false
52.85.205.195
 dtzbdy9anri2p.cloudfront.net United States
16509 AMAZON-02US false
104.244.42.131
 s.twitter.com United States
13414 TWITTERUS false
172.64.155.119
 unknown United States
13335 CLOUDFLARENETUS false
18.154.206.13
 euob.ytwohlcq.telerik.com United States
16509 AMAZON-02US false
239.255.255.250
 unknown Reserved
unknown unknown false
143.244.50.82
 bcltest2.b-cdn.net United States
174 COGENT-174US false
104.17.25.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false
104.19.177.52
 unknown United States
13335 CLOUDFLARENETUS false
142.250.141.99
 www.google.com United States
15169 GOOGLEUS false
152.195.19.97
 sni1gl.wpc.gammacdn.net United States
15133 EDGECASTUS false
13.107.213.69
 part-0041.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
3.248.162.96
 obseu.ytwohlcq.telerik.com United States
16509 AMAZON-02US false
104.17.246.203
 unpkg.com United States
13335 CLOUDFLARENETUS false
104.19.178.52
 cdn.cookielaw.org United States
13335 CLOUDFLARENETUS false
104.244.42.69
 t.co United States
13414 TWITTERUS false
143.244.50.213
 qualdnt.b-cdn.net United States
174 COGENT-174US false
13.226.225.31
 script.hotjar.com United States
16509 AMAZON-02US false
31.13.70.7
 scontent.xx.fbcdn.net Ireland
32934 FACEBOOKUS false
146.75.92.157
 platform.twitter.map.fastly.net Sweden
30051 SCCGOVUS false
34.245.244.146
 prod-dem-collector-elb-611025824.eu-west-1.elb.amazonaws.com United States
16509 AMAZON-02US false
104.22.54.104
 rum-static.pingdom.net United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.7

Contacted Domains

Name IP Active
telerik.com 50.56.19.112 true
d6vtbcy3ong79.cloudfront.net 13.226.251.88 true
sni1gl.wpc.gammacdn.net 152.195.19.97 true
p01f.t.eloqua.com 192.29.11.142 true
euob.ytwohlcq.telerik.com 18.154.206.13 true
platform.twitter.map.fastly.net 146.75.92.157 true
stats.g.doubleclick.net 142.251.2.156 true
scontent.xx.fbcdn.net 31.13.70.7 true
privacyportal.onetrust.com 104.18.32.137 true
rum-static.pingdom.net 104.22.54.104 true
t.co 104.244.42.69 true
script.hotjar.com 13.226.225.31 true
cdnjs.cloudflare.com 104.17.25.14 true
www.google.com 142.250.141.99 true
q.quora.com 52.200.154.95 true
static-cdn.hotjar.com 18.65.25.57 true
star-mini.c10r.facebook.com 31.13.70.36 true
s.twitter.com 104.244.42.131 true
bcltest2.b-cdn.net 143.244.50.82 true
obseu.ytwohlcq.telerik.com 3.248.162.96 true
d585tldpucybw.cloudfront.net 108.139.9.18 true
d2no1x7oj2rkdb.cloudfront.net 18.65.25.14 true
prod-dem-collector-elb-611025824.eu-west-1.elb.amazonaws.com 34.245.244.146 true
googleads.g.doubleclick.net 142.251.2.155 true
qualdnt.b-cdn.net 143.244.50.213 true
part-0041.t-0009.t-msedge.net 13.107.213.69 true
td.doubleclick.net 74.125.137.156 true
analytics.google.com 142.251.2.139 true
dtzbdy9anri2p.cloudfront.net 52.85.205.195 true
fiddler2.com 50.56.19.116 true
unpkg.com 104.17.246.203 true
cdn.cookielaw.org 104.19.178.52 true
geolocation.onetrust.com 104.18.32.137 true
geo.qualaroo.com 3.211.190.76 true
api.insight.sitefinity.com 52.252.156.53 true
static.ads-twitter.com unknown unknown
a.quora.com unknown unknown
s1325.t.eloqua.com unknown unknown
www.telerik.com unknown unknown
static.hotjar.com unknown unknown
cl.qualaroo.com unknown unknown
c.clarity.ms unknown unknown
www.facebook.com unknown unknown
www.clarity.ms unknown unknown
img.en25.com unknown unknown
www.linkedin.com unknown unknown
www.clickcease.com unknown unknown
rum-collector-2.pingdom.net unknown unknown
d.clarity.ms unknown unknown
connect.facebook.net unknown unknown
px.ads.linkedin.com unknown unknown
analytics.twitter.com unknown unknown
dntcl.qualaroo.com unknown unknown
snap.licdn.com unknown unknown
cdn.insight.sitefinity.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.telerik.com/RestApi/personalizations/render?pageNodeId=5ceb4be1-05bd-4c69-892a-2c2bbd37538b&pageDataId=1f960fad-aef2-4475-8978-52fb7a29dbc9&pageNodeKey=5CEB4BE1-05BD-4C69-892A-2C2BBD37538B/b31ca85c-a1c5-4a9d-8b5d-e7b0736a8b16/SitefinitySiteMap&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&controls=09f9bb4f-5990-40af-b361-7849c73c9604_1,0cd3f511-e7d9-4e23-8773-26005ae09893_1,25637a62-a321-49a0-8b7e-5962dc977e95_1,6b5ac4dc-8fd0-4043-bd0a-e9ffd31e3bc8_1&correlationId=lvd0q0oezinv502q4f false
    		high
    https://s1325.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1325&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref2=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&tzo=-60&ms=36&optin=disabled false
      		high
      https://www.telerik.com/webapi/Announcements/GetPromo?url=https://www.telerik.com/download/fiddler/first-run false
        		high
        about:blank false
        • Avira URL Cloud: safe
        		 low
        https://www.telerik.com/RestApi/personalizations/render?pageNodeId=5ceb4be1-05bd-4c69-892a-2c2bbd37538b&pageDataId=1f960fad-aef2-4475-8978-52fb7a29dbc9&pageNodeKey=5CEB4BE1-05BD-4C69-892A-2C2BBD37538B/b31ca85c-a1c5-4a9d-8b5d-e7b0736a8b16/SitefinitySiteMap&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&controls=09f9bb4f-5990-40af-b361-7849c73c9604_1,0cd3f511-e7d9-4e23-8773-26005ae09893_1,25637a62-a321-49a0-8b7e-5962dc977e95_1,6b5ac4dc-8fd0-4043-bd0a-e9ffd31e3bc8_1&correlationId=lvd0qj2kn097okrw3nn false
          		high
          https://stats.g.doubleclick.net/g/collect?v=2&tid=G-9JSNBCSF54&cid=925834404.1713914987&gtm=45je44m0v9167661709z8536291za200&aip=1&dma=0&gcs=G111&gcd=13v3v3v3v5&npa=0 false
            		high
            https://d6vtbcy3ong79.cloudfront.net/telerik-navigation/3.5.25/js/index.min.mjs false
              		high
              https://s1325.t.eloqua.com/visitor/v200/svrGP?pps=70&siteid=1325 false
                		high
                https://s1325.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1325&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref2=elqNone&tzo=-60&ms=762&optin=disabled&elqCookie=1 false
                  		high
                  http://www.telerik.com/download/fiddler/first-run false
                    		high
                    https://rum-collector-2.pingdom.net/img/beacon.gif?id=54328dddabe53db9497b23c6&sAW=1280&sAH=984&bIW=1034&bIH=870&pD=24&dPR=1&or=landscape-primary&nT=1&rC=0&nS=0&cS=13&cE=434&dLE=13&dLS=13&fS=4&hS=14&rE=-1&rS=-1&reS=434&resS=1091&resE=1520&uEE=1137&uES=1137&dL=1156&dI=1751&dCLES=1751&dCLEE=1754&dC=8300&lES=8308&lEE=8310&s=nt&title=First%20run&path=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&ref=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&sId=zaewourn&sST=1713915006&sIS=1&rV=0&v=1.4.1 false
                    • Avira URL Cloud: safe
                    		 unknown
                    https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=1853818599.1713914998&url=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&dma=0&npa=0&gtm=45je44m0v9167661709z8536291za200&auid=571138784.1713914988 false
                      		high
                      https://q.quora.com/_/ad/f3942e2f1f7d449b81784d171e274880/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run false
                        		high
                        https://cdn.cookielaw.org/consent/3dfce4f2-dab6-4128-9f33-df7e0597da82/8b69118b-3606-49f3-8c41-2718141b484d/en.json false
                          		high
                          https://script.hotjar.com/modules.588629dd3c10b20ab52d.js false
                            		high
                            https://cl.qualaroo.com/ki.js/24100/4Nr.js false
                              		high
                              https://www.google.com/pagead/1p-conversion/975652292/?label=p4zxCNq_8IkYEMSLndED&guid=ON&script=0&ct_cookie_present=false&random=410509906&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQIiAQFAAQ&pscrd=CLnc9JHh-P76OCITCIaknPO-2YUDFcT8_QUdYDUDfjICCAMyAggEMgIIBzICCAgyAggJMgIICjICCAIyAggLOhhodHRwczovL3d3dy50ZWxlcmlrLmNvbS8&is_vtc=1&cid=CAQSKQB7FLtqm_2Y7mhgr_4TT706Z25qzJIIuEtEWsQVeg8mFAIyjSrn8yEj&random=4068442111 false
                                		high
                                https://d6vtbcy3ong79.cloudfront.net/fonts/2.2.7/metric/Metric-Semibold.woff2 false
                                  		high
                                  https://connect.facebook.net/signals/config/1444093252502226?v=2.9.154&r=stable&domain=www.telerik.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105 false
                                    		high
                                    https://www.telerik.com/WebResource.axd?d=wnB2OjhYopty-dCFa4b2kKCIWGgLoaj0QQ4I7F_PiSysmtqnVBUtsGpmlAymZDgXEXdRjhe5BdfNkuyybLSHMhRnbzI9oh6WXC-y-EwOrJPY0qCvfWaOo0ltV4TVm8apzRlzF5O244Y4u7-m5V8Vv2yC1Tun7PurVRoOxfv28sPwY-isOJNAi7MSqc1tycGYAkqZXHU_zlVNorSTBDv4W4jemDM1&t=638477158040000000 false
                                      		high
                                      https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1444093252502226&ev=CHEQ&dl=https%3A%2F%2Fwww.telerik.com%2Fdownload%2Ffiddler%2Ffirst-run&rl=&if=false&ts=1713914994454&sw=1280&sh=1024&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1713914994453.110516813&ler=empty&cdl=API_unavailable&it=1713914993541&coo=false&rqm=FGET false
                                        		high
                                        https://unpkg.com/web-vitals/dist/web-vitals.iife.js false
                                          		high
                                          https://dtzbdy9anri2p.cloudfront.net/cache/b6ce06a57a51347c21d7af30873baa8620408fd6/telerik/css/style.css false
                                            		high
                                            https://obseu.ytwohlcq.telerik.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126bedce34ef478a9d9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5d168b6a2f17071a10acf9f29f674d8b83d8022b3648fa2c2157826adf61950c655021c604030a35555997b7624f77be26bb25cb43e2923ef44c6eaa132c7a14c450ea54e285929c68f37950aa2084ba5f7ff35b7b1a2d18c8c9077af562b7818fbd1910fa0a9fc95df820da75c45b956279f02b01f2040e0228d2595fe69fe0a100ba2f965f980cf64d766dbad1276140023df819958d45a95f60e8e4e47116253bc6f57662d4dd09012b4576190bb98e32606d64f5ac183bd5b4f02d97fe58740f30b9e4f0d58a7dacd9db0ee35fc95f6f6bc9ecc8b6f03dc5d8e23d97320fd9ad9d784a40ff6939ac820876b08de97e8a03fa42ae965d8013d9c56d9c7c71d6da2dc77ad795afedcbbabf4c68af74a8e8a5744e60e3943dcceb13e75a1058830906d092cecccaec9426873ac792f5c638e87b3b6cd7366b8493925f2adca82bf853b5c11fd837ae3d1a0b63fd76f14ddc87f62cf6c72fc45cbfd9929b77895d437ded590413260974d1ba71a51d99819231b0d273fa9e2bca89e0b27c82bfaa596b6b84e75347ddfa0d5104f2e2e524bb6cc3a81fabfd6cf722b22d87008c06ddba58924672a6f7c974232d3e526c520b46eeb8d332c008a5075c5f3bafe53c83c14d52bac18ba8b67ecbefe1f485fcabf14f513dfc4685bf586a8a4b6209cb710b231faa22fa285dbbbfd3699861c9248caa2fc4b90990720b25250162129dc0e1da3a7354990a59879185a9baa152059eb0bd6197cf7379d0ce133c69fa91c55721b72483439c06fe3c9d16c7d515f8ba5ffe89dc97c11370e5f23a7d8371a78eb9aa129564330841d0151536f6fb3686b711cccdc2ae1edf9b95704b6e13ac37b904b454b5806a9f334728493d633f9633c7f56635c61dc7f3f569a8bb289e6861eb5425788de2c30b44ef76f48d19db0338084da25b57f3cbbf1ebd165ec7dd67a2d6dca8925ec81f157407f81c484e8ed24805a836e7e2d379de97bd72022ff32e79575aad4207bfc6b00a1b927e6387c2c553c3d5bacf5922a622fb5a3b44c64f3f6d958d510399dce0caf0f24ea328ac6ec9379ecc5195fff22a2bfdd90391cbfca0cef0cadf6b01dfa4375f9b23805bde4cebe52cacd3df8c32cbc6a7a4a41520cdbfb1ec499705d411432f&cri=JFpDhY30Gl&ts=1709&cb=1713914999226 false
                                              		high
                                              https://dntcl.qualaroo.com/frame.html false
                                                		high
                                                https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-111455-1&cid=925834404.1713914987&jid=1541579741&gjid=934141005&_gid=1225407003.1713914987&_u=aGBAiEABBAAAAGAFKC~&z=2074653487 false
                                                  		high
                                                  about:srcdoc false
                                                  • Avira URL Cloud: safe
                                                  		 low
                                                  https://script.hotjar.com/browser-perf.8417c6bba72228fa2e29.js false
                                                    		high
                                                    https://www.telerik.com/favicon.ico?v=rebv1 false
                                                      		high
                                                      https://d6vtbcy3ong79.cloudfront.net/telerik-navigation/3.5.25/css/index.min.css false
                                                        		high