File name: FiddlerSetup.5.0.20251.1171-latest.exe

Full analysis: https://app.any.run/tasks/9181cddc-d924-476b-99e8-ceb9aa24bd53
Verdict: Malicious activity
Analysis date: February 01, 2025, 11:21:25
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 0002ECFE0F9BB7F06281809EBD5E53CD
SHA1: EF5FDC0BE87180CD4C0F914F0FEC94C06ADD1C1F
SHA256: 1212B60DDCECC5496C30E0AB5A128052099C65B87547DECA70E0EF0D77478B94
SSDEEP: 98304:uahvp8EYcgPPVZeUhYR8M/5oH7xNX4M/ly/JraRHAeAbI5D0tPXBzUvAEj4lHWrR:1hJOb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • FiddlerSetup.exe (PID: 4556)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 6908)
      • mscorsvw.exe (PID: 6212)
      • mscorsvw.exe (PID: 436)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 4556)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6540)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 6192)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 6936)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 4504)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 6316)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 4968)
      • mscorsvw.exe (PID: 6176)
    • Executable content was dropped or overwritten

      • FiddlerSetup.5.0.20251.1171-latest.exe (PID: 3508)
      • FiddlerSetup.exe (PID: 4556)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 6212)
      • mscorsvw.exe (PID: 436)
      • mscorsvw.exe (PID: 6908)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 4556)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6540)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 6192)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 6936)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 7052)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 6992)
      • mscorsvw.exe (PID: 6316)
      • mscorsvw.exe (PID: 4504)
      • mscorsvw.exe (PID: 2220)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 3640)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 5712)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 4968)
      • mscorsvw.exe (PID: 6176)
      • mscorsvw.exe (PID: 6280)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • FiddlerSetup.exe (PID: 4556)
    • Reads security settings of Internet Explorer

      • FiddlerSetup.exe (PID: 4556)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • FiddlerSetup.exe (PID: 4556)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • FiddlerSetup.exe (PID: 4556)
    • Starts application with an unusual extension

      • FiddlerSetup.exe (PID: 4556)
    • The process creates files with name similar to system file names

      • FiddlerSetup.exe (PID: 4556)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 6992)
    • Creates a software uninstall entry

      • FiddlerSetup.exe (PID: 4556)
  • INFO

    • Checks supported languages

      • FiddlerSetup.5.0.20251.1171-latest.exe (PID: 3508)
      • FiddlerSetup.exe (PID: 4556)
      • ngen.exe (PID: 5604)
      • SetupHelper (PID: 3640)
      • mscorsvw.exe (PID: 1572)
      • ngen.exe (PID: 5564)
      • mscorsvw.exe (PID: 2088)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 6212)
      • mscorsvw.exe (PID: 6908)
      • mscorsvw.exe (PID: 436)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 4556)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 3988)
      • mscorsvw.exe (PID: 6192)
      • mscorsvw.exe (PID: 6540)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 6936)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 7052)
      • mscorsvw.exe (PID: 4504)
      • mscorsvw.exe (PID: 6992)
      • mscorsvw.exe (PID: 6316)
      • mscorsvw.exe (PID: 2220)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 5712)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 3640)
      • mscorsvw.exe (PID: 6884)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 4128)
      • mscorsvw.exe (PID: 7016)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 6180)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 7044)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6972)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 7132)
      • mscorsvw.exe (PID: 6916)
      • mscorsvw.exe (PID: 6244)
      • mscorsvw.exe (PID: 3144)
      • mscorsvw.exe (PID: 1616)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 4056)
      • identity_helper.exe (PID: 7044)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 3416)
      • mscorsvw.exe (PID: 4684)
      • mscorsvw.exe (PID: 7012)
      • mscorsvw.exe (PID: 6288)
      • mscorsvw.exe (PID: 7020)
      • mscorsvw.exe (PID: 6168)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 6972)
      • mscorsvw.exe (PID: 6176)
      • mscorsvw.exe (PID: 4968)
      • mscorsvw.exe (PID: 6280)
    • Create files in a temporary directory

      • FiddlerSetup.5.0.20251.1171-latest.exe (PID: 3508)
      • FiddlerSetup.exe (PID: 4556)
    • The sample compiled with english language support

      • FiddlerSetup.exe (PID: 4556)
      • FiddlerSetup.5.0.20251.1171-latest.exe (PID: 3508)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6212)
      • mscorsvw.exe (PID: 6908)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 436)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 6540)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6936)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 6176)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 4968)
    • Reads the computer name

      • FiddlerSetup.exe (PID: 4556)
      • ngen.exe (PID: 5564)
      • ngen.exe (PID: 5604)
      • SetupHelper (PID: 3640)
      • mscorsvw.exe (PID: 1572)
      • mscorsvw.exe (PID: 2088)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6212)
      • mscorsvw.exe (PID: 6908)
      • mscorsvw.exe (PID: 436)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 4556)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 6192)
      • mscorsvw.exe (PID: 3988)
      • mscorsvw.exe (PID: 6540)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 6936)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 7052)
      • mscorsvw.exe (PID: 4504)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 6992)
      • mscorsvw.exe (PID: 6316)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 2220)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 3640)
      • mscorsvw.exe (PID: 6884)
      • mscorsvw.exe (PID: 5712)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 4128)
      • mscorsvw.exe (PID: 7016)
      • mscorsvw.exe (PID: 7132)
      • mscorsvw.exe (PID: 6180)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 7044)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6972)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 6916)
      • mscorsvw.exe (PID: 1616)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 4056)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 6236)
      • identity_helper.exe (PID: 7044)
      • mscorsvw.exe (PID: 3144)
      • mscorsvw.exe (PID: 6244)
      • mscorsvw.exe (PID: 3416)
      • mscorsvw.exe (PID: 6972)
      • mscorsvw.exe (PID: 4684)
      • mscorsvw.exe (PID: 6168)
      • mscorsvw.exe (PID: 6288)
      • mscorsvw.exe (PID: 7012)
      • mscorsvw.exe (PID: 7020)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 4968)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 6176)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 6280)
    • Creates files or folders in the user directory

      • FiddlerSetup.exe (PID: 4556)
    • NGen native .NET image generation

      • ngen.exe (PID: 5564)
      • ngen.exe (PID: 5604)
    • Creates files in the program directory

      • mscorsvw.exe (PID: 1572)
    • Reads the machine GUID from the registry

      • mscorsvw.exe (PID: 1572)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 2088)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 6192)
      • mscorsvw.exe (PID: 3988)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 7052)
      • mscorsvw.exe (PID: 4504)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 2220)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 5712)
      • mscorsvw.exe (PID: 3640)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 6176)
      • mscorsvw.exe (PID: 3736)
    • Application launched itself

      • msedge.exe (PID: 2676)
      • msedge.exe (PID: 6340)
    • Manual execution by a user

      • msedge.exe (PID: 6340)
    • Process checks computer location settings

      • FiddlerSetup.exe (PID: 4556)
    • Reads Environment values

      • identity_helper.exe (PID: 7044)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:15+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x351c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.0.20251.1171
ProductVersionNumber: 5.0.20251.1171
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: http://www.telerik.com/fiddler
CompanyName: Progress Software Corporation
FileDescription: Installer for Progress Telerik Fiddler Classic
FileVersion: 5.0.20251.1171
LegalCopyright: Copyright ©2003 - 2025 Progress Software Corporation. All rights reserved.
ProductName: Progress Telerik Fiddler Classic Setup
ProductVersion: 5.0.20251.1171
No data.
All screenshots are available in the full report
Total processes: 250
Monitored processes: 129
Malicious processes: 3
Suspicious processes: 2

Behavior graph

Process names in the graph (distinct image names, in order of first appearance; per-process details are in the full report): fiddlersetup.5.0.20251.1171-latest.exe, fiddlersetup.exe, netsh.exe, conhost.exe, ngen.exe, setuphelper, mscorsvw.exe, msedge.exe, identity_helper.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 420
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6916 --field-trial-handle=2564,i,17418927294871575054,11262187057775139491,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 436
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 350 -InterruptEvent 0 -NGENProcess 344 -Pipe 314 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: .NET Runtime Optimization Service
Exit code: 0
Version: 4.8.9093.0 built by: NET481REL1LAST_C
Modules
Images
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\vcruntime140_1_clr0400.dll
c:\windows\system32\vcruntime140_clr0400.dll
c:\windows\system32\ucrtbase_clr0400.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
PID: 628
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2e0 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: .NET Runtime Optimization Service
Exit code: 0
Version: 4.8.9093.0 built by: NET481REL1LAST_C
Modules
Images
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\vcruntime140_1_clr0400.dll
c:\windows\system32\vcruntime140_clr0400.dll
c:\windows\system32\ucrtbase_clr0400.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
PID: 628
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 378 -Pipe 344 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: .NET Runtime Optimization Service
Exit code: 0
Version: 4.8.9093.0 built by: NET481REL1LAST_C
Modules
Images
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\vcruntime140_1_clr0400.dll
c:\windows\system32\vcruntime140_clr0400.dll
c:\windows\system32\ucrtbase_clr0400.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\oleaut32.dll
PID: 628
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4752 --field-trial-handle=2564,i,17418927294871575054,11262187057775139491,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 644
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 2c8 -Pipe 2d0 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: .NET Runtime Optimization Service
Exit code: 0
Version: 4.8.9093.0 built by: NET481REL1LAST_C
Modules
Images
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\vcruntime140_1_clr0400.dll
c:\windows\system32\vcruntime140_clr0400.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ucrtbase_clr0400.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
PID: 1224
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4108 --field-trial-handle=2564,i,17418927294871575054,11262187057775139491,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1416
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=7008 --field-trial-handle=2564,i,17418927294871575054,11262187057775139491,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1536
CMD: "C:\WINDOWS\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"
Path: C:\Windows\SysWOW64\netsh.exe
Parent process: FiddlerSetup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1556
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 2bc -Pipe 2c8 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: .NET Runtime Optimization Service
Exit code: 0
Version: 4.8.9093.0 built by: NET481REL1LAST_C
Modules
Images
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\vcruntime140_clr0400.dll
c:\windows\system32\ucrtbase_clr0400.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
Total events: 19 330
Read events: 19 210
Write events: 118
Delete events: 2

Modification events

(PID) Process: (4556) FiddlerSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\InstallerSettings
Operation: write
Name: InstallPath
Value: C:\Users\admin\AppData\Local\Programs\Fiddler\

(PID) Process: (4556) FiddlerSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\InstallerSettings
Operation: write
Name: PluginPath
Value: "C:\Users\admin\AppData\Local\Programs\Fiddler\Inspectors\"

(PID) Process: (4556) FiddlerSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\InstallerSettings
Operation: write
Name: ScriptPath
Value: "C:\Users\admin\AppData\Local\Programs\Fiddler\Scripts\"

(PID) Process: (4556) FiddlerSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\InstallerSettings
Operation: write
Name: InstalledVersion
Value: 5.0.20251.1171

(PID) Process: (4556) FiddlerSetup.exe
Key: HKEY_CLASSES_ROOT\Fiddler.ArchiveZip
Operation: write
Name: PerceivedType
Value: compressed

(PID) Process: (4556) FiddlerSetup.exe
Key: HKEY_CLASSES_ROOT\Fiddler.ArchiveZip
Operation: write
Name: Content Type
Value: application/vnd.telerik-fiddler.SessionArchive

(PID) Process: (4556) FiddlerSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2
Operation: write
Name: UpdatePending
Value: False

(PID) Process: (4556) FiddlerSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\UI
Operation: write
Name: frmViewer_WState
Value: 2

(PID) Process: (4556) FiddlerSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2
Operation: write
Name: JSEditor
Value: C:\Users\admin\AppData\Local\Programs\Fiddler\ScriptEditor\FSE2.exe

(PID) Process: (4556) FiddlerSetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\MenuExt\&Sandbox
Operation: write
Name: Command
Value: iexplore.exe
Executable files: 133
Suspicious files: 327
Text files: 61
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 4556 | Process: FiddlerSetup.exe | Filename: C:\Users\admin\AppData\Local\Programs\Fiddler\Fiddler.pdb | Type: binary
MD5: 4043A7B1FB64F090431248F6CFE4B2AC
SHA256: 22A19731E750814B25BFB801844BAB5C088D615584472E4D8494EDE79BB4B8C4
PID: 4556 | Process: FiddlerSetup.exe | Filename: C:\Users\admin\AppData\Local\Programs\Fiddler\SetupHelper | Type: executable
MD5: 129B3A70CD38A2BDB8E67E2DE23CA2FD
SHA256: 50AA869FECE341B7432A44369E086AE8939C7558D2F9C76E12040883AA7B533C
PID: 4556 | Process: FiddlerSetup.exe | Filename: C:\Users\admin\AppData\Local\Programs\Fiddler\TrustCert.exe | Type: executable
MD5: 0E6F00285085D503DE5E622D9E99942A
SHA256: 1C3202DD6F92E84F7B47B8EB37111137E49CB2CC65EE681135DFFC9337502117
PID: 4556 | Process: FiddlerSetup.exe | Filename: C:\Users\admin\AppData\Local\Programs\Fiddler\System.Net.Http.dll | Type: executable
MD5: 665E355CBED5FE5F7BEBC3CB23E68649
SHA256: B5D20736F84F335EF4C918A5BA41C3A0D7189397C71B166CCC6C342427A94ECE
PID: 4556 | Process: FiddlerSetup.exe | Filename: C:\Users\admin\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll | Type: executable
MD5: 195FFB7167DB3219B217C4FD439EEDD6
SHA256: E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D
PID: 4556 | Process: FiddlerSetup.exe | Filename: C:\Users\admin\AppData\Local\Programs\Fiddler\Countdown.wav | Type: binary
MD5: 3241067E4D532F5FEB4AD907076946B0
SHA256: E10937BD9491CC7944C8C5904FAA3ECD971B329438CC1E5FE606CE731DC15DBC
PID: 4556 | Process: FiddlerSetup.exe | Filename: C:\Users\admin\AppData\Local\Programs\Fiddler\System.Memory.dll | Type: executable
MD5: 6FB95A357A3F7E88ADE5C1629E2801F8
SHA256: 8E76318E8B06692ABF7DAB1169D27D15557F7F0A34D36AF6463EFF0FE21213C7
PID: 4556 | Process: FiddlerSetup.exe | Filename: C:\Users\admin\AppData\Local\Programs\Fiddler\System.Buffers.dll | Type: executable
MD5: ECDFE8EDE869D2CCC6BF99981EA96400
SHA256: ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
PID: 4556 | Process: FiddlerSetup.exe | Filename: C:\Users\admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe | Type: executable
MD5: 97A68E97A89090D48B1059CB4789EFBE
SHA256: 9B13510ADAC9A41F45B4ECADE076F2D947799FC51EE4B8893401A977C3647783
PID: 4556 | Process: FiddlerSetup.exe | Filename: C:\Users\admin\AppData\Local\Programs\Fiddler\EnableLoopback.pdb | Type: binary
MD5: A4D3E5A111CB55F122A924A342A647BB
SHA256: CD75B6F96E5F9FAFCA0948C2AFBC55B7FDF14B20AF3FFABB9EF471EFD4506082
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 145
TCP/UDP connections: 145
DNS requests: 143
Threats: 5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1684
svchost.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
301
108.138.7.118:443
https://api.getfiddler.com/r/?Fiddler2FirstRun
unknown
unknown
4712
MoUsoCoreWorker.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1684
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
401
13.107.6.158:443
https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox
unknown
unknown
OPTIONS
23.216.77.175:443
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
unknown
GET
200
52.123.243.81:443
https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1
unknown
binary
768 b
whitelisted
GET
200
13.107.21.239:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
unknown
binary
748 b
whitelisted
GET
401
13.107.6.158:443
https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox
unknown
binary
587 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4712
MoUsoCoreWorker.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2.21.65.132:443
www.bing.com
Akamai International B.V.
NL
whitelisted
5064
SearchApp.exe
2.21.65.154:443
www.bing.com
Akamai International B.V.
NL
whitelisted
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1684
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1684
svchost.exe
2.16.164.120:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
4712
MoUsoCoreWorker.exe
2.16.164.120:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
1684
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
4712
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.78
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.9
  • 2.16.164.106
  • 2.16.164.99
  • 2.16.164.24
  • 2.16.164.18
  • 2.16.164.32
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
api.getfiddler.com
  • 108.138.7.87
  • 108.138.7.101
  • 108.138.7.118
  • 108.138.7.27
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
www.telerik.com
  • 192.133.11.3
unknown

Threats

PID
Process
Class
Message
6652
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6652
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6652
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6652
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6652
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Global content delivery network (unpkg .com)
No debug info