Strange mitmdump behavior in Windows

A single call to mitmdump.exe in Windows results in not one, but two processes named mitmdump.exe, as observed in Task Manager. I am certain that both processes arise from the same call to mitmdump.exe because Task Manager reveals them to have both been called with the same unique command line arguments that I supplied in my mitmdump call. That is, if I:

  1. Kill all processes named mitmdump.exe with Windows command taskkill.
  2. Verify that no processes called mitmdump.exe are running with Task Manager.
  3. Run the command “mitmdump.exe -p [any random port number]” from a command prompt.

Then I immediately find two processes called mitmdump.exe in Task Manager, with both showing the command line arguments “-p [same random port number as above]”.

However, one process always has a larger memory footprint than the other, with the larger starting at about 35 MB (and growing with traffic through the port), and the smaller no bigger than about 3 MB (and not growing). It appears that only the one with the larger memory footprint is doing any work, because if I kill it, all browsers proxying through the specified port lose their internet connection, whereas if I kill the one with the smaller memory footprint, mitmdump continues to function as normal.

I have observed this behaviour launching mitmdump.exe in Windows three different ways:

  1. From the Windows command prompt, as already described.
  2. Using the Windows CreateProcess() function in C++ (both MinGW and VC++ 98).
  3. Using Win32::Process::Create() in Strawberry Perl.

This would perhaps only be a minor curiosity if not for the fact that in both (2) and (3), the returned handles and process IDs refer not to the mitmdump.exe that is actually working, but to the seemingly non-functional zombie process. I can kill the latter, but I am left with no clean way of killing the functioning process. This makes mitmdump.exe rather useless, since I can’t make it flush its dump, so to speak.

The “dirty” solution, I suppose, would be to make a system() call invoking the Windows WMIC command that lists all processes by name with command line arguments and killing the one called mitmdump.exe and having the right port number specified among its command line arguments.

P.S. I’m using Windows 10 1803.
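
An added example, not part of the original post: a narrower version of the WMIC idea that selects the working process by its parent PID instead of by name and port alone. It assumes the working mitmdump.exe is a child (or further descendant) of the process whose PID CreateProcess() returned; the function names, the sample PID and the port are hypothetical.

```powershell
# Assumption: the working mitmdump.exe descends from the launcher PID.
function Get-DescendantProcess {
    param(
        [Parameter(Mandatory)] [uint32] $RootPid,
        [string] $Name = 'mitmdump.exe'
    )
    # One snapshot of the process table keeps parent/child links consistent.
    $all  = Get-CimInstance -ClassName Win32_Process
    $root = $all | Where-Object ProcessId -eq $RootPid
    if (-not $root) { return }

    $seen  = [System.Collections.Generic.HashSet[uint32]]::new()
    $queue = [System.Collections.Generic.Queue[object]]::new()
    [void]$seen.Add($root.ProcessId)
    $queue.Enqueue($root)
    while ($queue.Count -gt 0) {
        $parent = $queue.Dequeue()
        foreach ($p in $all) {
            # PIDs are recycled, so ParentProcessId can point at an unrelated
            # newer process: accept a child only if it started after its parent.
            if ($p.ParentProcessId -eq $parent.ProcessId -and
                $p.CreationDate -ge $parent.CreationDate -and
                $seen.Add($p.ProcessId)) {
                $queue.Enqueue($p)
                if ($p.Name -eq $Name) { $p }
            }
        }
    }
}

function Stop-MitmdumpTree {
    param([Parameter(Mandatory)] [uint32] $LauncherPid, [int] $Port)
    $workers = @(Get-DescendantProcess -RootPid $LauncherPid)
    if ($Port) {
        # Cross-check the command line so an unrelated instance is never hit.
        $pattern = '(^|\s)-p\s+' + $Port + '(\s|$)'
        $workers = @($workers | Where-Object { $_.CommandLine -match $pattern })
    }
    foreach ($w in $workers) { Stop-Process -Id $w.ProcessId }
    Stop-Process -Id $LauncherPid -ErrorAction SilentlyContinue
    $workers.ProcessId   # PIDs that were stopped
}

# Usage (constructed values): Stop-MitmdumpTree -LauncherPid 4321 -Port 8081
```

Stop-Process terminates the process outright, the same as taskkill /F, so this addresses which process to kill rather than how to shut it down.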