File name: FiddlerSetup.5.0.20251.1171-latest.exe
Full analysis: https://app.any.run/tasks/9181cddc-d924-476b-99e8-ceb9aa24bd53
Verdict: Malicious activity
Analysis date: February 01, 2025, 11:21:25
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 0002ECFE0F9BB7F06281809EBD5E53CD
SHA1: EF5FDC0BE87180CD4C0F914F0FEC94C06ADD1C1F
SHA256: 1212B60DDCECC5496C30E0AB5A128052099C65B87547DECA70E0EF0D77478B94
SSDEEP: 98304:uahvp8EYcgPPVZeUhYR8M/5oH7xNX4M/ly/JraRHAeAbI5D0tPXBzUvAEj4lHWrR:1hJOb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • FiddlerSetup.exe (PID: 4556)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • FiddlerSetup.exe (PID: 4556)
    • Executable content was dropped or overwritten

      • FiddlerSetup.exe (PID: 4556)
      • FiddlerSetup.5.0.20251.1171-latest.exe (PID: 3508)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 6908)
      • mscorsvw.exe (PID: 436)
      • mscorsvw.exe (PID: 6212)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 4556)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 6192)
      • mscorsvw.exe (PID: 6540)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 6936)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 4504)
      • mscorsvw.exe (PID: 7052)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 6992)
      • mscorsvw.exe (PID: 6316)
      • mscorsvw.exe (PID: 2220)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 5712)
      • mscorsvw.exe (PID: 3640)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 4968)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 6176)
    • Reads security settings of Internet Explorer

      • FiddlerSetup.exe (PID: 4556)
    • Process drops legitimate windows executable

      • FiddlerSetup.exe (PID: 4556)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6908)
      • mscorsvw.exe (PID: 6212)
      • mscorsvw.exe (PID: 436)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 4556)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 6192)
      • mscorsvw.exe (PID: 6540)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 6936)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 4504)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 6316)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 4968)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 6176)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • FiddlerSetup.exe (PID: 4556)
    • The process creates files with name similar to system file names

      • FiddlerSetup.exe (PID: 4556)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 6992)
    • Starts application with an unusual extension

      • FiddlerSetup.exe (PID: 4556)
    • Creates a software uninstall entry

      • FiddlerSetup.exe (PID: 4556)
  • INFO

    • The sample compiled with english language support

      • FiddlerSetup.5.0.20251.1171-latest.exe (PID: 3508)
      • FiddlerSetup.exe (PID: 4556)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6908)
      • mscorsvw.exe (PID: 6212)
      • mscorsvw.exe (PID: 436)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6540)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 6936)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 6176)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 4968)
    • Checks supported languages

      • FiddlerSetup.5.0.20251.1171-latest.exe (PID: 3508)
      • FiddlerSetup.exe (PID: 4556)
      • mscorsvw.exe (PID: 1572)
      • ngen.exe (PID: 5604)
      • SetupHelper (PID: 3640)
      • mscorsvw.exe (PID: 2088)
      • ngen.exe (PID: 5564)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 6212)
      • mscorsvw.exe (PID: 6908)
      • mscorsvw.exe (PID: 436)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 4556)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 6192)
      • mscorsvw.exe (PID: 3988)
      • mscorsvw.exe (PID: 6540)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 6936)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 7052)
      • mscorsvw.exe (PID: 4504)
      • mscorsvw.exe (PID: 6992)
      • mscorsvw.exe (PID: 6316)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 2220)
      • mscorsvw.exe (PID: 3640)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 5712)
      • mscorsvw.exe (PID: 6884)
      • mscorsvw.exe (PID: 4128)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 7016)
      • mscorsvw.exe (PID: 7132)
      • mscorsvw.exe (PID: 6180)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 6972)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 6916)
      • mscorsvw.exe (PID: 6244)
      • mscorsvw.exe (PID: 3144)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 4056)
      • mscorsvw.exe (PID: 1616)
      • identity_helper.exe (PID: 7044)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 6972)
      • mscorsvw.exe (PID: 3416)
      • mscorsvw.exe (PID: 4684)
      • mscorsvw.exe (PID: 7020)
      • mscorsvw.exe (PID: 7012)
      • mscorsvw.exe (PID: 6288)
      • mscorsvw.exe (PID: 6168)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 6176)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 4968)
      • mscorsvw.exe (PID: 7044)
      • mscorsvw.exe (PID: 6032)
    • Create files in a temporary directory

      • FiddlerSetup.5.0.20251.1171-latest.exe (PID: 3508)
      • FiddlerSetup.exe (PID: 4556)
    • NGen native .NET image generation

      • ngen.exe (PID: 5604)
      • ngen.exe (PID: 5564)
    • Reads the computer name

      • FiddlerSetup.exe (PID: 4556)
      • ngen.exe (PID: 5604)
      • SetupHelper (PID: 3640)
      • ngen.exe (PID: 5564)
      • mscorsvw.exe (PID: 2088)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 6212)
      • mscorsvw.exe (PID: 6908)
      • mscorsvw.exe (PID: 436)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 1572)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 4556)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 3988)
      • mscorsvw.exe (PID: 6192)
      • mscorsvw.exe (PID: 6540)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 6936)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 7052)
      • mscorsvw.exe (PID: 4504)
      • mscorsvw.exe (PID: 6992)
      • mscorsvw.exe (PID: 6316)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 2220)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 3640)
      • mscorsvw.exe (PID: 5712)
      • mscorsvw.exe (PID: 6884)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 4128)
      • mscorsvw.exe (PID: 7016)
      • mscorsvw.exe (PID: 7132)
      • mscorsvw.exe (PID: 6180)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 7044)
      • mscorsvw.exe (PID: 6972)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 6244)
      • mscorsvw.exe (PID: 3612)
      • mscorsvw.exe (PID: 3144)
      • mscorsvw.exe (PID: 4056)
      • mscorsvw.exe (PID: 1616)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 6916)
      • mscorsvw.exe (PID: 3568)
      • identity_helper.exe (PID: 7044)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 3416)
      • mscorsvw.exe (PID: 6972)
      • mscorsvw.exe (PID: 7012)
      • mscorsvw.exe (PID: 4684)
      • mscorsvw.exe (PID: 7020)
      • mscorsvw.exe (PID: 6288)
      • mscorsvw.exe (PID: 6168)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 2280)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 6176)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 4968)
    • Creates files or folders in the user directory

      • FiddlerSetup.exe (PID: 4556)
    • Process checks computer location settings

      • FiddlerSetup.exe (PID: 4556)
    • Reads the machine GUID from the registry

      • mscorsvw.exe (PID: 1572)
      • mscorsvw.exe (PID: 644)
      • mscorsvw.exe (PID: 6032)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 2088)
      • mscorsvw.exe (PID: 6160)
      • mscorsvw.exe (PID: 5988)
      • mscorsvw.exe (PID: 1596)
      • mscorsvw.exe (PID: 628)
      • mscorsvw.exe (PID: 7124)
      • mscorsvw.exe (PID: 3988)
      • mscorsvw.exe (PID: 6192)
      • mscorsvw.exe (PID: 7024)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 1556)
      • mscorsvw.exe (PID: 7136)
      • mscorsvw.exe (PID: 7052)
      • mscorsvw.exe (PID: 4504)
      • mscorsvw.exe (PID: 6236)
      • mscorsvw.exe (PID: 2220)
      • mscorsvw.exe (PID: 6280)
      • mscorsvw.exe (PID: 3640)
      • mscorsvw.exe (PID: 5712)
      • mscorsvw.exe (PID: 6176)
      • mscorsvw.exe (PID: 3736)
      • mscorsvw.exe (PID: 2280)
    • Creates files in the program directory

      • mscorsvw.exe (PID: 1572)
    • Application launched itself

      • msedge.exe (PID: 2676)
      • msedge.exe (PID: 6340)
    • Manual execution by a user

      • msedge.exe (PID: 6340)
    • Reads Environment values

      • identity_helper.exe (PID: 7044)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:15+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x351c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.0.20251.1171
ProductVersionNumber: 5.0.20251.1171
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: http://www.telerik.com/fiddler
CompanyName: Progress Software Corporation
FileDescription: Installer for Progress Telerik Fiddler Classic
FileVersion: 5.0.20251.1171
LegalCopyright: Copyright ©2003 - 2025 Progress Software Corporation. All rights reserved.
ProductName: Progress Telerik Fiddler Classic Setup
ProductVersion: 5.0.20251.1171
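The file-type line at the top (PE32, Nullsoft Installer self-extracting archive, 5 sections) and the EXIF block above are the first things to check when a sandbox verdict looks out of line with the binary's provenance: the "System.dll in Temp" indicator is the NSIS System plugin being unpacked into the installer's temp directory, and the 2024 PE timestamp on a 2025 release is the kind of detail that only makes sense once the packaging is identified. The following Python is an added example, not code from ANY.RUN, Progress or Fiddler. It reproduces the header fields the report lists using only the standard library and scans for the NSIS first-header signature (0xDEADBEEF little-endian followed by "NullsoftInst"). `build_sample_pe()` constructs a stand-in byte string carrying the same header values as the report; it is not the real installer.

```python
"""Added example: reproduce the PE header fields a sandbox report lists and detect an
NSIS (Nullsoft) self-extracting installer, using only the standard library.
Not code from ANY.RUN or from Fiddler."""
import struct
from datetime import datetime, timezone
from typing import Dict, Optional

# IMAGE_FILE_* characteristic bits, named the way exiftool prints them.
CHARACTERISTICS = {
    0x0001: "No relocs",
    0x0002: "Executable",
    0x0004: "No line numbers",
    0x0008: "No symbols",
    0x0100: "32-bit",
    0x2000: "DLL",
}
MACHINES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows command line"}

# NSIS first header: 4 bytes of flags, then 0xDEADBEEF little-endian and "NullsoftInst".
NSIS_SIGNATURE = b"\xef\xbe\xad\xdeNullsoftInst"


def parse_pe_header(data: bytes) -> Dict[str, object]:
    """Return the COFF and PE32 optional-header fields worth comparing with a report."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, stamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER32 follows
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError(f"optional header magic {magic:#x} is not PE32")
    code, init, uninit, entry = struct.unpack_from("<IIII", data, opt + 4)
    os_major, _, img_major, _, sub_major, _ = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "MachineType": MACHINES.get(machine, f"{machine:#06x}"),
        "Sections": nsections,
        "TimeStamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(n for bit, n in CHARACTERISTICS.items() if chars & bit),
        "PEType": "PE32",
        "LinkerVersion": f"{maj_link}.{min_link}",
        "CodeSize": code,
        "InitializedDataSize": init,
        "UninitializedDataSize": uninit,
        "EntryPoint": f"{entry:#x}",
        "OSVersion": os_major,
        "ImageVersion": img_major,
        "SubsystemVersion": sub_major,
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def find_nsis_signature(data: bytes) -> Optional[int]:
    """Offset of the NSIS 0xDEADBEEF marker (the first header starts 4 bytes earlier), or None."""
    pos = data.find(NSIS_SIGNATURE)
    return None if pos < 0 else pos


def build_sample_pe() -> bytes:
    """Constructed stand-in with the report's header values; it contains no real code."""
    e_lfanew = 0x80
    buf = bytearray(e_lfanew)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    stamp = int(datetime(2024, 3, 30, 16, 55, 15, tzinfo=timezone.utc).timestamp())
    opt = bytearray(0xE0)                     # PE32 optional header incl. 16 data directories
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)               # magic, linker 6.0
    struct.pack_into("<IIII", opt, 4, 26112, 139776, 2048, 0x351C)  # sizes, entry point
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 6, 0, 4, 0)      # OS / image / subsystem versions
    struct.pack_into("<H", opt, 68, 2)                          # Windows GUI
    coff = struct.pack("<HHIIIHH", 0x14C, 5, stamp, 0, 0, len(opt), 0x010F)
    buf += b"PE\0\0" + coff + opt
    buf += b"\0" * 0x200                      # section table and stub code would sit here
    buf += b"\0\0\0\0" + NSIS_SIGNATURE + b"\0" * 16   # NSIS first header in the overlay
    return bytes(buf)


if __name__ == "__main__":
    sample = build_sample_pe()
    for key, value in parse_pe_header(sample).items():
        print(f"{key}: {value}")
    print("NSIS signature at offset:", find_nsis_signature(sample))
```

Run against the real file, the same two functions give the values to compare with the EXIF block. One caveat worth knowing when reading that block: an NSIS installer is a precompiled stub with the compressed payload appended, so the PE timestamp dates the NSIS stub, not the vendor's build; it cannot be used on its own to argue that the file is older or newer than its version string says.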
Total processes: 250
Monitored processes: 129
Malicious processes: 3
Suspicious processes: 2

Behavior graph

(Interactive process tree; only the node labels survive the export. In graph order: fiddlersetup.5.0.20251.1171-latest.exe, fiddlersetup.exe, netsh.exe with conhost.exe (twice), ngen.exe with conhost.exe (twice), setuphelper with conhost.exe, then a long run of mscorsvw.exe NGen worker processes interleaved with msedge.exe and identity_helper.exe, ending with a second fiddlersetup.5.0.20251.1171-latest.exe node.)

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 420
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6916 --field-trial-handle=2564,i,17418927294871575054,11262187057775139491,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 436
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 350 -InterruptEvent 0 -NGENProcess 344 -Pipe 314 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
Modules
Images
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\vcruntime140_1_clr0400.dll
c:\windows\system32\vcruntime140_clr0400.dll
c:\windows\system32\ucrtbase_clr0400.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
PID: 628
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2e0 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
Modules
Images
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\vcruntime140_1_clr0400.dll
c:\windows\system32\vcruntime140_clr0400.dll
c:\windows\system32\ucrtbase_clr0400.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
PID: 628
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 378 -Pipe 344 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
Modules
Images
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\vcruntime140_1_clr0400.dll
c:\windows\system32\vcruntime140_clr0400.dll
c:\windows\system32\ucrtbase_clr0400.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\oleaut32.dll
PID: 628
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4752 --field-trial-handle=2564,i,17418927294871575054,11262187057775139491,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 644
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 2c8 -Pipe 2d0 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
Modules
Images
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\vcruntime140_1_clr0400.dll
c:\windows\system32\vcruntime140_clr0400.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ucrtbase_clr0400.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
PID: 1224
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4108 --field-trial-handle=2564,i,17418927294871575054,11262187057775139491,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1416
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=7008 --field-trial-handle=2564,i,17418927294871575054,11262187057775139491,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1536
CMD: "C:\WINDOWS\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"
Path: C:\Windows\SysWOW64\netsh.exe
Parent process: FiddlerSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1556
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 2bc -Pipe 2c8 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
Modules
Images
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\vcruntime140_clr0400.dll
c:\windows\system32\ucrtbase_clr0400.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
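The two netsh indicators in the SUSPICIOUS list (add a firewall rule, delete a firewall rule) correspond to the command line recorded for PID 1536: an inbound allow rule named FiddlerProxy for Fiddler.exe under the user's AppData\Local, with the parent process FiddlerSetup.exe. Whether that deserves attention depends on fields the indicator itself does not surface: direction, action, profile and, above all, whether the program path is somewhere an unprivileged user can overwrite, because the rule keeps admitting inbound traffic to whatever binary later occupies that path. The Python below is an added example, not code from ANY.RUN, Progress or Fiddler. It parses such command lines out of captured telemetry and scores them on those fields. The first sample line is the one from this report; the other three are constructed here for contrast, and the list of user-writable path fragments is an assumption about the standard Windows profile layout.

```python
"""Added example: triage 'netsh advfirewall' command lines captured by a sandbox or EDR.
The indicator "uses NETSH.EXE to add a firewall rule" is generic; the question for the
analyst is whether the rule admits inbound traffic to a binary an unprivileged user can
overwrite. Not code from ANY.RUN, Progress or Fiddler."""
import re
from typing import Dict, List, Optional, Tuple

# Path fragments under which any interactive user can replace a binary (assumption: the
# usual Windows profile layout). An inbound allow rule keyed on such a path survives a
# swap of the executable it was created for.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# A token is a run of non-space characters in which double-quoted spans may contain spaces.
_TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')

# Constructed sample telemetry. The first line is verbatim from the report (PID 1536,
# parent FiddlerSetup.exe); the other three are made up here for contrast.
SAMPLE_CMDLINES = [
    r'"C:\WINDOWS\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"',
    r'"C:\WINDOWS\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"',
    r'netsh advfirewall firewall add rule name="ExampleSvc" dir=in action=allow program="C:\Program Files\ExampleSvc\svc.exe" profile=domain',
    r'netsh interface show interface',
]


def parse_netsh_rule(cmdline: str) -> Optional[Dict[str, str]]:
    """Return {'verb': add|delete|set, 'name': ..., 'program': ..., ...} or None when the
    command line is not an 'advfirewall firewall <verb> rule' invocation."""
    tokens = [t.replace('"', "") for t in _TOKEN.findall(cmdline)]
    low = [t.lower() for t in tokens]
    try:
        i = low.index("advfirewall")
    except ValueError:
        return None
    if low[i + 1:i + 2] != ["firewall"] or low[i + 3:i + 4] != ["rule"]:
        return None
    if low[i + 2] not in ("add", "delete", "set"):
        return None
    rule = {"verb": low[i + 2]}
    for tok in tokens[i + 4:]:          # key=value pairs; the value keeps its original case
        if "=" in tok:
            key, value = tok.split("=", 1)
            rule[key.lower()] = value
    return rule


def assess_rule(rule: Dict[str, str]) -> List[str]:
    """Reasons an added allow rule widens exposure; an empty list means nothing notable."""
    reasons: List[str] = []
    if rule.get("verb") != "add" or rule.get("action", "").lower() != "allow":
        return reasons
    if rule.get("dir", "").lower() != "in":
        return reasons
    program = rule.get("program", "")
    if any(m in program.lower() for m in USER_WRITABLE_MARKERS):
        reasons.append(f"inbound allow for a binary in a user-writable path: {program}")
    if rule.get("profile", "").lower() == "any":
        reasons.append("rule applies to every network profile, public included")
    if rule.get("remoteip", "any").lower() == "any":    # netsh default is remoteip=any
        reasons.append("no remoteip restriction")
    return reasons


def triage(cmdlines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """(verb, rule name, reasons) for every advfirewall rule command in the input."""
    findings = []
    for cmdline in cmdlines:
        rule = parse_netsh_rule(cmdline)
        if rule is not None:
            findings.append((rule["verb"], rule.get("name", ""), assess_rule(rule)))
    return findings


if __name__ == "__main__":
    for verb, name, reasons in triage(SAMPLE_CMDLINES):
        print(f"{verb:6} {name:12} {'; '.join(reasons) or 'nothing notable'}")
```

Run as a script it prints one line per rule. The report's own rule trips all three checks, which is what a local debugging proxy that accepts connections from other devices needs, and also exactly the shape a backdoor's firewall exception would have; a detection rule that wants to allow this installer should key on the signer or the dropped-file hashes listed further down, not on the rule name.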
Total events: 19 330
Read events: 19 210
Write events: 118
Delete events: 2

Modification events

(PID) Process | Key | Operation | Name | Value
(4556) FiddlerSetup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\InstallerSettings | write | InstallPath | C:\Users\admin\AppData\Local\Programs\Fiddler\
(4556) FiddlerSetup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\InstallerSettings | write | PluginPath | "C:\Users\admin\AppData\Local\Programs\Fiddler\Inspectors\"
(4556) FiddlerSetup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\InstallerSettings | write | ScriptPath | "C:\Users\admin\AppData\Local\Programs\Fiddler\Scripts\"
(4556) FiddlerSetup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\InstallerSettings | write | InstalledVersion | 5.0.20251.1171
(4556) FiddlerSetup.exe | HKEY_CLASSES_ROOT\Fiddler.ArchiveZip | write | PerceivedType | compressed
(4556) FiddlerSetup.exe | HKEY_CLASSES_ROOT\Fiddler.ArchiveZip | write | Content Type | application/vnd.telerik-fiddler.SessionArchive
(4556) FiddlerSetup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2 | write | UpdatePending | False
(4556) FiddlerSetup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\UI | write | frmViewer_WState | 2
(4556) FiddlerSetup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2 | write | JSEditor | C:\Users\admin\AppData\Local\Programs\Fiddler\ScriptEditor\FSE2.exe
(4556) FiddlerSetup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2\MenuExt\&Sandbox | write | Command | iexplore.exe
Executable files: 133
Suspicious files: 327
Text files: 61
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4556 | FiddlerSetup.exe | C:\Users\admin\AppData\Local\Programs\Fiddler\Fiddler.exe | executable
    MD5: 2F4B36FB6AD5924CD885E5AFFD34444C
    SHA256: FEE7CC5076EB125AB2C5574227DD1FC1DBE9FC53FC6CFF0C057F3FD7F36FAF6C
4556 | FiddlerSetup.exe | C:\Users\admin\AppData\Local\Programs\Fiddler\SetupHelper | executable
    MD5: 129B3A70CD38A2BDB8E67E2DE23CA2FD
    SHA256: 50AA869FECE341B7432A44369E086AE8939C7558D2F9C76E12040883AA7B533C
4556 | FiddlerSetup.exe | C:\Users\admin\AppData\Local\Programs\Fiddler\System.Memory.dll | executable
    MD5: 6FB95A357A3F7E88ADE5C1629E2801F8
    SHA256: 8E76318E8B06692ABF7DAB1169D27D15557F7F0A34D36AF6463EFF0FE21213C7
4556 | FiddlerSetup.exe | C:\Users\admin\AppData\Local\Programs\Fiddler\System.Security.Cryptography.Primitives.dll | executable
    MD5: A60084F9988C7907F7092C143C8D3818
    SHA256: B755D0B55A465D07C9DD3FC11822487D1E649B684AEF91A4CE9B935B416A01B9
4556 | FiddlerSetup.exe | C:\Users\admin\AppData\Local\Programs\Fiddler\ICSharpCode.SharpZipLib.dll | executable
    MD5: 9E9E0A210297968AAF2E00D13958C0B4
    SHA256: CB9C05B5A1E1DB26FF43490EE26F2E02ABAE3F321D2DD5DDD43A68DA48EAB83D
4556 | FiddlerSetup.exe | C:\Users\admin\AppData\Local\Programs\Fiddler\System.Buffers.dll | executable
    MD5: ECDFE8EDE869D2CCC6BF99981EA96400
    SHA256: ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
4556 | FiddlerSetup.exe | C:\Users\admin\AppData\Local\Programs\Fiddler\App.ico | image
    MD5: 2D49CDB07BAAD04A2BC9F50547783C6A
    SHA256: FBE4D11CA28371BF36D48378A9E1DA29DCE0EFC373FF4E092E47B656505FC4C4
4556 | FiddlerSetup.exe | C:\Users\admin\AppData\Local\Programs\Fiddler\System.Threading.Tasks.Extensions.dll | executable
    MD5: 0F384AFCF671483188B9019D3B7457A7
    SHA256: 2C9CAD6410E37E44FA73CCCB576F418184F1AE5A0A257E165A136BDAA941A0C6
4556 | FiddlerSetup.exe | C:\Users\admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe | executable
    MD5: 97A68E97A89090D48B1059CB4789EFBE
    SHA256: 9B13510ADAC9A41F45B4ECADE076F2D947799FC51EE4B8893401A977C3647783
4556 | FiddlerSetup.exe | C:\Users\admin\AppData\Local\Programs\Fiddler\EnableLoopback.pdb | binary
    MD5: A4D3E5A111CB55F122A924A342A647BB
    SHA256: CD75B6F96E5F9FAFCA0948C2AFBC55B7FDF14B20AF3FFABB9EF471EFD4506082
HTTP(S) requests: 145
TCP/UDP connections: 145
DNS requests: 143
Threats: 5

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
(a "-" marks a field the export left empty)
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1684 | svchost.exe | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | - | - | -
- | - | OPTIONS | - | 23.216.77.175:443 | https://bzib.nelreports.net/api/report?cat=bingbusiness | unknown | - | - | -
1684 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 301 | 108.138.7.118:443 | https://api.getfiddler.com/r/?Fiddler2FirstRun | unknown | - | - | -
- | - | GET | 401 | 13.107.6.158:443 | https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox | unknown | binary | 587 b | whitelisted
- | - | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | binary | 10.1 Kb | whitelisted
- | - | GET | 200 | 13.107.21.239:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | binary | 748 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
(a "-" marks a field the export left empty)
4712 | MoUsoCoreWorker.exe | 51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 2.21.65.132:443 | www.bing.com | Akamai International B.V. | NL | whitelisted
5064 | SearchApp.exe | 2.21.65.154:443 | www.bing.com | Akamai International B.V. | NL | whitelisted
- | - | 51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1684 | svchost.exe | 51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1684 | svchost.exe | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
1684 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.78
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.9
  • 2.16.164.106
  • 2.16.164.99
  • 2.16.164.24
  • 2.16.164.18
  • 2.16.164.32
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
api.getfiddler.com
  • 108.138.7.87
  • 108.138.7.101
  • 108.138.7.118
  • 108.138.7.27
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
www.telerik.com
  • 192.133.11.3
unknown

Threats

PID | Process | Class | Message
6652 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6652 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6652 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6652 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6652 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Global content delivery network (unpkg .com)