hxxps://www[.]youtube[.]com/watch?v=uZbluITLgyg&ab_channel=SoundHome

Analysis

max time kernel
536s
max time network
540s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2024 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=uZbluITLgyg&ab_channel=SoundHome

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.0.13.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 19 IoCs

pid	Process
4648	tor-browser-windows-x86_64-portable-13.0.13.exe
1532	firefox.exe
3604	firefox.exe
2668	firefox.exe
3296	firefox.exe
5344	firefox.exe
5500	tor.exe
5640	firefox.exe
5948	firefox.exe
5284	firefox.exe
5540	firefox.exe
5692	firefox.exe
5308	firefox.exe
4908	firefox.exe
4916	firefox.exe
5292	firefox.exe
4780	firefox.exe
5540	firefox.exe
1848	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
4648	tor-browser-windows-x86_64-portable-13.0.13.exe
4648	tor-browser-windows-x86_64-portable-13.0.13.exe
4648	tor-browser-windows-x86_64-portable-13.0.13.exe
1532	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
2668	firefox.exe
2668	firefox.exe
2668	firefox.exe
2668	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
5344	firefox.exe
5344	firefox.exe
5344	firefox.exe
5344	firefox.exe
5640	firefox.exe
5640	firefox.exe
5640	firefox.exe
5640	firefox.exe
3296	firefox.exe
3296	firefox.exe
5344	firefox.exe
5344	firefox.exe
5948	firefox.exe
5948	firefox.exe
5948	firefox.exe
5948	firefox.exe
5948	firefox.exe
5948	firefox.exe
5284	firefox.exe
5284	firefox.exe
5540	firefox.exe
5284	firefox.exe
5284	firefox.exe
5540	firefox.exe
5540	firefox.exe
5540	firefox.exe
5692	firefox.exe
5284	firefox.exe
5284	firefox.exe
5692	firefox.exe
5692	firefox.exe
5692	firefox.exe
5540	firefox.exe
5540	firefox.exe
5692	firefox.exe
5692	firefox.exe
5308	firefox.exe
5308	firefox.exe
5308	firefox.exe
5308	firefox.exe
5308	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{A31CAA43-B4AB-4CF8-9C64-5646116B8FEE}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.0.13.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 707510.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
5088	msedge.exe
5088	msedge.exe
4280	identity_helper.exe
4280	identity_helper.exe
4900	msedge.exe
4900	msedge.exe
3976	msedge.exe
3976	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	3120	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3120	AUDIODG.EXE
Token: SeDebugPrivilege	3604	firefox.exe
Token: SeDebugPrivilege	3604	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe
3604	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 4112	5088	msedge.exe	85
PID 5088 wrote to memory of 4112	5088	msedge.exe	85
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4544	5088	msedge.exe	86
PID 5088 wrote to memory of 4136	5088	msedge.exe	87
PID 5088 wrote to memory of 4136	5088	msedge.exe	87
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88
PID 5088 wrote to memory of 4820	5088	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=uZbluITLgyg&ab_channel=SoundHome
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7aef46f8,0x7fff7aef4708,0x7fff7aef4718
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6292 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.13.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.13.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:4648
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1532
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:3604
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.0.1518806079\1153911225" -parentBuildID 20240322115718 -prefsHandle 1880 -prefMapHandle 2184 -prefsLen 19246 -prefMapSize 243612 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d4622684-ac9d-4908-a782-b573dfc4fc5d} 3604 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2668
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.1.489318163\1832200879" -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 2812 -prefsLen 20081 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3d223ef8-f939-45ec-b47e-98729b1c9839} 3604 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3296
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.2.732527854\9869830" -childID 2 -isForBrowser -prefsHandle 3168 -prefMapHandle 3164 -prefsLen 20833 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e058af60-9680-4d7d-8deb-e935e87f9d14} 3604 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5344
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:2c112a837f08822460dbafc019d5f85f96658d3d503b03f28578a1d929 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 3604 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:5500
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.3.940291638\2122251982" -childID 3 -isForBrowser -prefsHandle 3424 -prefMapHandle 3400 -prefsLen 20972 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1b31020e-e18f-411e-a795-9dfed1113c2b} 3604 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5640
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.4.442407422\1739288540" -parentBuildID 20240322115718 -prefsHandle 2468 -prefMapHandle 3672 -prefsLen 21296 -prefMapSize 243612 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {81cba5a1-3d2d-4732-ac0f-910fde356a62} 3604 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5948
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.5.2052016574\38347474" -childID 4 -isForBrowser -prefsHandle 3372 -prefMapHandle 2020 -prefsLen 20627 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1e964b79-6acf-458c-98d6-ed542eba0eb4} 3604 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5284
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.6.1225919756\2132720531" -childID 5 -isForBrowser -prefsHandle 3928 -prefMapHandle 3932 -prefsLen 20627 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e3d46941-15ec-4e9a-8fe9-21712036f2ce} 3604 tab
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5540
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.7.1734413396\655727065" -childID 6 -isForBrowser -prefsHandle 3196 -prefMapHandle 3184 -prefsLen 20627 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0fc3923d-bae2-4540-8469-862c344bc34e} 3604 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5692
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.8.478412246\1997962936" -childID 7 -isForBrowser -prefsHandle 4500 -prefMapHandle 4504 -prefsLen 22719 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d83ffe03-5f6f-43ae-a2b7-3e6d1e026248} 3604 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5308
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.9.2128653782\1479892593" -childID 8 -isForBrowser -prefsHandle 5016 -prefMapHandle 5012 -prefsLen 22800 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {72041301-9edb-4da0-ae4c-db6a0d7ff6d2} 3604 tab
        5⤵
        Executes dropped EXE
        
        PID:4908
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.10.2004640208\595202817" -childID 9 -isForBrowser -prefsHandle 3524 -prefMapHandle 2696 -prefsLen 22800 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5ebafc95-5104-4ea4-8834-9f2672addd00} 3604 tab
        5⤵
        Executes dropped EXE
        
        PID:4916
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.11.876729117\1981321539" -childID 10 -isForBrowser -prefsHandle 5308 -prefMapHandle 5268 -prefsLen 22800 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {9fbf1ebf-8336-4599-8b87-e24e96285950} 3604 tab
        5⤵
        Executes dropped EXE
        
        PID:5292
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.12.1878030775\1216390065" -childID 11 -isForBrowser -prefsHandle 5528 -prefMapHandle 5516 -prefsLen 22852 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b66b9937-7429-49d5-8bca-a0f433a59793} 3604 tab
        5⤵
        Executes dropped EXE
        
        PID:4780
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.13.557099203\828189294" -childID 12 -isForBrowser -prefsHandle 5612 -prefMapHandle 5528 -prefsLen 22852 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b96a04bd-4764-4d7a-a1d6-3b976cbc3ef0} 3604 tab
        5⤵
        Executes dropped EXE
        
        PID:5540
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3604.14.428191174\1570412434" -childID 13 -isForBrowser -prefsHandle 5424 -prefMapHandle 5184 -prefsLen 22852 -prefMapSize 243612 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ab294d06-f026-4ef1-82ca-162df594b4ab} 3604 tab
        5⤵
        Executes dropped EXE
        
        PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8328 /prefetch:8
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7204 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,4648943846109803462,13623546225097761457,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8316 /prefetch:8
  2⤵
  PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3864

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
35KB

MD5
5e37c5625ae47ab3ff0f06ae3fb0c850

SHA1
0453bc4e6e84986c5178df976870cb44fcde7b9a

SHA256
bc0ec5a5880fa67188ecd02c51d4b7f99b87c9c222089b555dec81d4b7cd2b4c

SHA512
acaa24ac46d9a220e5dcf7fdbb3ef49003152d31a782703ae0c23eb80a20ac2e4d870710138be1b0c9ed8f0e8d72d991c8b3cf6a88087db416eb53dd1329fbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
1.1MB

MD5
93feab00f76536d681c1b77eca2c7caf

SHA1
c48cbe893b3178a56357c132cae2fa63918d790f

SHA256
5da61564d6ae3fa4506522460d177f8b642b20bae63f81cee14b9ca71fd49226

SHA512
6276f945f1008c70bdc559a8d6a14c609a033af2fae6bd80c129da546e7df6cfb3fcdcc452508df8ee5be7a0a87a6f9930664b8b9726c4e52877802a9ceca5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
27KB

MD5
bffb059f66bf71c890cc5b5ae438989a

SHA1
e13ab1e1accbf64e3e430f02f7c10ae09d413ac4

SHA256
3a87dbcf5afda3daf93b5be8979affc5ed1a14c1050e004cf4c8897f2d96bd64

SHA512
cc7a0e52bc9278d4e69923eb6ead9da450144797c5aec7bb479cd68203221320341e271f2be120d7fabd6b8a9d0ecfe48c870c7eb18fe687d96dbb20ede9488a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
20KB

MD5
8dc2756f85fccea2e456061d06bdea5e

SHA1
cdb7f846722ae88cfcca334697b1c61e7945d8ea

SHA256
ff17f0a5c2b621ce0625cfd2d947bf0eabf322c95a8e75a27f42d0722329ae9e

SHA512
585b17e9f72a35299cf49d23567dd29d1fbc70caef0c8374f20ed43c16bcfbbe0cb95107a88e3666b88c1d09263e2180771effeb9fdfdd8423cc08840dcf0d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
19KB

MD5
ce2bdc9ee291575700acedaca2d1a2c0

SHA1
817f29c93540b36b63dbec76ae0be774b6d2f4d0

SHA256
1ee77085d6e13fcdd5355d7167157d4671e3d3d96f75164d95dcfa6318e86d07

SHA512
0736e870fbd29fd1ff93a65cc07fc148b1350126d778b989570cdf01316b7eeebfafd4c3932dfd885d95c325e2a4664bcbeebc10f3b5e668bf164f692778fbdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
19KB

MD5
d99a122d7cb17a0759f9693e8d105bd0

SHA1
9321bba75c561fc3c43aa28b2191a0eaedc76d5a

SHA256
8db37aed80b8f1dc10aa3a9d81a49a79a68d17c76406a0e0e8909e721d9f8668

SHA512
f05734fbbacec02251affb9850db468ee1840adb67b8213a816a2893afb3c9bd95dc25b7ed83ba93158efc718de5d41cb3411074de6da52441733d6ec1aff2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
18KB

MD5
fe25151fad2965222d7894dfede59e7a

SHA1
5bbba86e9fe710d80c150e05d780d4bc4b88d1e6

SHA256
ff0a4097bc0c1f877a59efb3d6be2a4df8895a8227f48022a70d60e33b7b81f2

SHA512
895402dae22248c884a0eb553298405190d3dee1a7efe997631c194720f8c76bf7a16f8c0503bf0b43377a582b05c05fa15deb1a84f600b8d2fd72cb860cec50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
234889df548acac81e2f1eac81f9069e

SHA1
caf7052dacd9a42ef3103cff1ce6036f573b0964

SHA256
5e8ac6b52fe0d0e12590792763391d507847d2fa22377b7e7be459b0102cf037

SHA512
26ca97c122bd5b3c4d3dae5838cc15420b7e20a2ca30556da7e83b510fd5a16b5de01b7bc1e057c3adf0a1b047b80bd638dfa34c9c66033d823cd1b4c0f6e643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b69c3a763458a08f8eb4ea0cc79d8d5b

SHA1
75401f1fb75ba6b443a487dd3f0b6aba95478521

SHA256
115500b72071eecd7e54b444798b7b02002267a441918e1ade1270e64f5b38f6

SHA512
43ea50ff61cdbb9920e6d125d0ca6ecada3cf303a2cf51e04ebc9566deb8428b567b7befed517619ea642cdf9aab5b6482f99566610e3bd8bdd2eecff8857322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
34289b7f69f9b509062ce6e8228f89e5

SHA1
53e5bba27f021d1a5fa215125300a592dad06ec4

SHA256
7ab33156114538862581fd1d3a9ced364bbac83b56ff29fe295af63f81d8563a

SHA512
82566e8971f8e0b704403daddc58b4c047690e5a6db648b7bcbe8b8c3948d0ba8d4251ef79dd8cb34f54226940e1ea2faca4b73f31d32e44879e8e5e320035b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a3cc2a63768a5ea7c60407f9758cf24a

SHA1
98830b0cfd914ad32bb1d46dcb3a55dfc6978a2c

SHA256
2eae30a672f1e15c807f4fe5a4d05c9cd12cf1f9b8099c8e60743ba7bdf60324

SHA512
5187df77fcf3fe860ea8b8c168c9ecb5f936309dbfd424c29c2f0b9ff3257d31c326a7997668193a5e9158339a1c9515912bb1d15cc55340183524b4bc744d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3a20f507eaf0b18182f6c8840202fbb7

SHA1
26785dda9abd38de1f0c9d2e6cc4c95d74da243f

SHA256
5dce2c87e7ca858ede5c9c78e27b8c5ab1e8f0e475d5382602943c434ffa9479

SHA512
23513e0b9bae322f7a490167ae831009f00e2f270e6b7b57f692861dba68f06b54667ddb4383dcca80ffadfed1904f074b66230172eaa959f12807ed98c3be49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d917086722e59b5a72c57ded03e6dada

SHA1
aff616fc7cfb314a41dde784b873bb397f03a98c

SHA256
31541f88a42cfd335059764816c2278b6a4653fc30e47ddee2887963e1089df0

SHA512
71db9db3d795f4b2b64dd99d55047f735b12739ef12da98e9d7c5f96a4b2284f02324948d313944b8ac5bccda6586ae61248fdddb1b28868d3f475893e64dfe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e2b6a73b156b67295071743a4d2daf1d

SHA1
0dbb1a3b79149962656482da62144363950672ed

SHA256
c8119c211271ff98403c25779541953dadd50e69417001e74336eefec62d4107

SHA512
59eb02b501644d8942adf072a580833f3344efb6beec0f21abb27eeb222c146eb914c70a40a7c2700d255774921ad0a523e1e51e805219ce815a6f0c50a3f848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
161df236bb8876b5456637b9df584612

SHA1
3aa06bd2fae9636a11af78dbc5a569dfe568d583

SHA256
9aef64f02cda1775697db6f7735b5b21ab0d0156fa96e332b7386ab45637f1e1

SHA512
d331bbd0c90aa56b91376b52504d8f0fda432f30fb5ac2905646036b8ccc88d32bd71ce1d54c79e70a8f1549297e2cd1460382c7a870592a1e6ee4121b875055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
98e64e4be7112deb623bde76469c1c71

SHA1
99487f27fc656e183abcb4711b1fba2056482828

SHA256
47ef9e7e12e46b29c370c1bce18caad5864b98e35799749a6e1b6236a87de187

SHA512
7dddbc5c75ed1cc34c1be557220a7490f49e8dde245319b237fedb4f68f46eaafcc0750211fcec0569ea4a3d64c0a4109349691813fe9ebce5c5498bc4a7a623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
933b08f14f7937becb3c0982e8ba89a8

SHA1
761db89fd67ca51f877f549359fb634f1cde0a90

SHA256
9094d77545d0a8ae07af4e55a44e820a7dc6347d8755f6c226ed7d83d24d841e

SHA512
ada42804f8cc31f844aec476a466ff36f89bfab44796a60bc362771517a87921422e626c7bc757bc5427e765d12bccb5c66ba785b730e23d1eaa215a7d21a6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
7b64b20711bda6ccd6c5056599440c91

SHA1
e16366b91ffa63d2c1f7681a785449ea7a146d6f

SHA256
0cf2317fba6520f7c6c068da758444d0794ebd9b7d6618f43895e2f3824f1df1

SHA512
7b4640c620e4a7d81176df2ef8cce0abcf077137c1c3beaf6c610458dfd2f6674368df8899b90e62871bdf134ef36c930593a91f4a192d80690c5391d1ec45bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0cacd1a5d33342bf2341e556ee0b44e4

SHA1
6fd9313bd879be71c25eed7a595d4f957840b749

SHA256
ea7dd060eb2a2ad64a997fb8096a527e458f0cb314da0f729da63b575b7eb79e

SHA512
2e736b8d27b5cf4c405bdb0705a902b9837ef3fec4995d92fed4e253314fbc65274bb69627f6dc186ddb7c79d72a59f999e4fb43611542e30cd13fd223a8d316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eabb8a6e4515c8fd482a4d22a14af94a

SHA1
a4501ec5c80b5867e6612baa99d58d72549e68a4

SHA256
a0a845a66a7a71a2ce36733db74769018607c7c0573d73024f97dc776085aeee

SHA512
3d7e641d54ef8339c405f7d60fb4f94a8f9ea90e70176724d9194f88ae92129da581a15a2fc7ef3e9a614b555fddbb2097338f67923b6e738e3f71fac87af43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
84a349da86819b0bb28c3db011a0083c

SHA1
b0c5f601308dc8a7d65cd5fade3750c5cea38468

SHA256
a9b103dec4329f6d994cbef80b4d047a97fa9a8ab9c78ea92e4558bfc91d6350

SHA512
9a17f3b62e03d84453419a15d5c1ddbfac5316e6a314eeb04213f3ae779694fcec2229b1f082f6acd36f57a39859340824d5c815a45fb66afdcfe8918344c2b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
666628118f1d6a63801ae3216d06f76b

SHA1
564ebecf935aba433d640add55a207bf88e701cb

SHA256
a9c10b261f1720e2dbea3faae8b3e4264e3cece9c71f2fd6aeb47aa89f49a4ff

SHA512
9d6a902fd579cb1ba26d14d64d5a2bf029ff106816d36e408c4c093510ed14e3f981fafcdf079cf98b953441e5a67fe6705527fbc4633f295c56eddf3cb423a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ed331ef74ecef44b00b585c433a380c1

SHA1
64e72dad78075db0c0687dd2579a552db1069cc6

SHA256
8ac1a30ad1102de8c3356bcd1eb09be7ba37c8a0b5554303a5a760f8b6a2365a

SHA512
9e34e16e07fa3c31000ed5f222df301a111606eca45dea3e807908ec3194500bc9df0018330e5653d81a5e6ecb1ff721b49fce6ec81ce0e5562160b7df29895e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
480f15cfc0a4b4ed6fe0b8f363ba10fa

SHA1
6c3ea796b24692c4a5e2f5fdc5f7a1df17628d91

SHA256
1a759962505731dbcdbde42cc722e4366d09eb0f153d47d72b186e0e7220191d

SHA512
d6f17bfc5cfdf0bacc280c5c76be1f3583786bde135538e14edd1fb8210a3971221e9eabdefbe3ac9c14e0555457c6b09506ba494c11a535301da4415d166b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
42d177f40bb8718585b2c6bddbba1b2a

SHA1
3aba0c1208f09b4cd4b03b61ff8050b766d87550

SHA256
53d24332bf7f7fa250d897442fa9e1ff8db89b9f3d24f5742bba5dc66b3e1d48

SHA512
16d02bf6209d8283a0ee64104a7beda03f8cd535933b665ff36334d8696f9f0a0f2c10cfc538135d7253e28979e17bea3dd8eaadfc51c459ceb646be91fcc69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3a65db83ebc78f0042dbd5dbd938b3d9

SHA1
d2033528970814a90f474b3f4f3f9629c739893f

SHA256
ab07d0a4311660bd52d566298f247cde08c9c72790be5be9ff440ad52b1fc0b2

SHA512
3156eb89e2af9bc2ce5779240978b6cea1c8e84ef5a0fbf4d7a9e1f38a58f3273f8fcea8f2678685ba46734c7c26ad5b0b9db690e86c561d3d92d4aaf6487ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
424932b2280e7cafd08f2c149132f0de

SHA1
98e8a666677cb3903303844231cad5d19843b088

SHA256
49a54aed4ad2d453d3bb2365e92d82ee8ca1e19711812b13accad865561d9222

SHA512
29eb72edc512434cb5a7e70ce83caed96d45048ec4dff90234bf0393ed75b8af8281f7846b679472b12034675b31f32bbee56cc96d73f4eab021ea2926a0d137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af80e220ba419bcda32c9e5dda5cb13f

SHA1
4975bbbedbc696d77345660aeef402102c7f811b

SHA256
e911216a2c7e20322183c64fcf1f9e98d8eee803682283d1d13d9c94e3979826

SHA512
9a1d130f68b07b48b3fbaa35b5fe80503fbd9ca79754015c3043374aac58649f48a4aa0331c7caff20b6adeceed62ce905f6f8e4fd9031e778d1d0947114825c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6f5f4bb37fe33d8fe06e00676549a15d

SHA1
1cc070d08b0228b25ba35e7ae6a4bc10a2c7b8d6

SHA256
ec27d782f3c667d9667dfb4ec51c91bc4004f68b51be2c023be2c539fb7b42a2

SHA512
4a9703d322c5bc11f24917374ee4dd2419f1e59b3b49d4c36b6c1bb09fd90ce13be8cb692cfcc4513736e2d5f2dcdf044c0eb7c71c0fffda8be417ac3be92c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0f6dd18f-ddd8-4a4b-9a8d-45e4a0de06dd\index-dir\the-real-index

Filesize
2KB

MD5
9328c712ec9c8f25dd63a77b5e0951f1

SHA1
ee8894effb349d8fa5cd8e61c4afd57e83fe7c2a

SHA256
3602d280e9a2a2773b6f74854e29f282f5d068c5678f2a55737e3b74ae4f25ab

SHA512
7a5fb15a71f4d377768d75f3662978664ddd4e1c1747ed531dd6bb49104fa6047dabe03648b94c37379492736f2cbc76788214ab833b61388ea452df257d64ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0f6dd18f-ddd8-4a4b-9a8d-45e4a0de06dd\index-dir\the-real-index

Filesize
2KB

MD5
05210f31bd17c274c213a9d59e14eaad

SHA1
2a1903a543137d62f568295c7a50f4a459c0d2e9

SHA256
d15528e218468d4cbe6d0c92eaf7c45d22829680da76397f74cbcf67355d98b7

SHA512
133a0bbae9e76ffee0b6bb20f71b12f0409eadfe0285f974deef1d335a0202403491ec676a5842ecae60da86f256d85571951d6ce42bf55d2f35be748bc2c504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0f6dd18f-ddd8-4a4b-9a8d-45e4a0de06dd\index-dir\the-real-index~RFe57a0b4.TMP

Filesize
48B

MD5
269572349d7a3f1c88dcaf57c1a30d92

SHA1
479cbf78df763e54fb1e7dc3f171a7ca37a4125b

SHA256
f846e495d941c95b521dd9ffaf29cd1c5fb53da346377c83dcec54f4099c5d9a

SHA512
4b932b84db2f9f4a2d402a75df04a38443a67cdde0fb55167d5e474dcd8ccd655fae6e5f28d322c41e4a6efa8e6d91a9421f9a247c7badf3b835ee3ea53d4257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
7a612bf079568db218bcfbfc74efdb7e

SHA1
e355c4dfb57b96d300a0a01a03bb5036b0b2005d

SHA256
3e09714f0bc73048b811427de415d0f7bdbeb19f1bb242e48e9497eb16eded7c

SHA512
d74f6d6a89430334f2ae4d7bfa9aa2ef375a869e25f3a0c5b580080000f0a169ba7968c376225ac78b6e7c228e25ef2b40038f95a815a247aebf162167c87650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
a1c4671b5ae676dd6650ca0608faae16

SHA1
b993f9f1e89cf8fd69bc0018b942d83c8de38808

SHA256
7d54a46ed8a6f5714bf86111fbdf6bb40bde01eabba5d7caf1a563900da895b6

SHA512
aea505fcd81e2cb782e0369ec56fe420872f4c2d0780a6f992cf0d85802aa4221b961d8e3a131a71c291353d7245302e8a6d4af514939b820d6f7c886ff67d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
88a8a0d3ed1d9a6e5f62d2b9c8582011

SHA1
962d1dd986b1592b41381806ae886446fb104622

SHA256
06b4017527b0d6a0907955f0b5bf000aae0ef5805c2ee08beaee965934f3ed13

SHA512
d1dba132030307453edac5e2c1cd5598fe77f331e06bccee8384a346a2399abe911f54da6e0ed33f0f6215e310e6d109b37fc27484d2a9c0d75465b37f03e4b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
d7da30acd2cdc4456ca6e05437cd6988

SHA1
45ad3092f139d5af021c74a3ae913852371b0c35

SHA256
ac98877ef11a30832fd629b976c77edec339736e7ddbbc5da122ca9e302b2775

SHA512
e275cd976a5264471b62e53821b9800d0ae3fa6d0ff119d1b15d6c179b3a732e7dca3725272f15592a478e8ec01a8feb6e9d81a423163af4617028bd61046abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5746ec.TMP

Filesize
89B

MD5
d72b5056a2b145ea0334feb58c9fa813

SHA1
5d650eed9d94b1a5a5ba67d4dd2cb403defd8a83

SHA256
65142e8e409963e5303b74e44a0fd78f4088e710b6fb1e21c63b42e8c46fb678

SHA512
156e753feee3cc8c7de813d0ad949f8deec59f30248038365fb92b32c0077c7e7318f3749a47522510082b539737979076f3d5990a9b18f9c9de613f2c7166fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
1cd0bc6b5a51b4a794213ad74eef3bfa

SHA1
f63fb73496099d4b15f2a96e1ea23cafe4ba9d82

SHA256
31a1dc5da07935333bb166cdaa85a3d67495ae7ff8f78d3d97dad90260d20cc5

SHA512
cf530dd1f5c3ab143f857ad865dd3ea06bdc6f8bb0321663c3a6db558024e833c86ba6f5b1a4ec2eac2dd4b963a798d5695f06441c331e84c5cc83e80388edeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a4254cc616d380967209cb0aa3f687a5

SHA1
5283fd4aa1ceeb8d98863df54f98d4b59f25bd87

SHA256
4439885b3721a158801b1591710d221db0d7c08c4d7c563ce29595178ab7e6b8

SHA512
b5993ade8db23f2fd8439378eb62a718f3d7090a494542679ffe9c65b761fd832032ca86060fb12c3e4d4f942d2bb7c9c183fcc436dcfceee14aebbdfbe111ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5795e7.TMP

Filesize
48B

MD5
a24a26171b772e34dcbdfa2ef0b64f90

SHA1
657f49992428eb7e5a1ce6e88df4a6cb3b6f4183

SHA256
5ac1f6863923993ab5d1b10f19ab661c7a64fea886f337d0405659df39c23857

SHA512
3caa36c8ce771094b77df10866972b7e84890471033a54402fb50e0e46118d0a6701d513b745ea5eb711a88640ae04de72ab9c110c71bf5463515e0679331ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8bcdc0a6d39e348bf6fbeadc2659863b

SHA1
a1fb7c8a04887a03c9deb64673ec97871f41cbb9

SHA256
a727b47dabf046b79ab816a5422cfbbbb6c16acad63e86876d8d54b9973ae6ad

SHA512
cdbf482cc43fa67c4e855ae5a00db0d5682c3c51c1dddf41d25ba841c4319d846068d27120cfde2b177923aef3ae020ff6ce53b4a4ec53f986d29f3db6012972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2220a436f9f7625c394c181e286ac4f2

SHA1
52340d7bae3a7dd2af6af3c3cfa48301b7ecf7b8

SHA256
5d3679572628764b0239fb23c990063b1c5126e13e3bfbc8816a79f95c2cf4cb

SHA512
bf4aa30ee64b36e5f77a6626a51e11fb5da75d9c7f361d94123b4151f0ba662c2157c82b1c00bb03721f1b394045193a8c818c1d9ec418d59b146b741230e6bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a1fd6ea1c6849a2a5f560721e78a76ef

SHA1
efc1a9c0f33ae6f8d0422ffa850f76b576d6c275

SHA256
255e61b85468d1a9cdf3790dbe9fbab9dc4111122b678950a139a7a57cfb66ef

SHA512
e7a427faae3c25cb9e0b7b24d75bf817b70ddd050c3b8007b24e0790950dc66e48ad0990008775a73f133cff79db10b782eda268f2915b56b694a8c83345c902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a4f75bbb6c63a5debb09bffe30009ffd

SHA1
73c9e51e4265d81a680fa0143ee18d621b3876ca

SHA256
bbc4d6bd79014d60b28d4f305a75e69d4f15cc267ecf52c0ee86fa1aa723b490

SHA512
5f1aeb177c7137043e2c5e86f6050a1bc946bcfc7f4f1eba7d8931e320914a2383228ba71cd6518ba48f925f0c0e9a81968c3cdb5cda4b207bf89c10796145a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a3f0cca493eff21b929c8ac61e8e3edd

SHA1
5cb8b3c78d93cb73ae097953df4e3e3ec0e83473

SHA256
c08dfdee98bd2fdfe77e3210b8ad47ebcaca4ddbedb1f4329e52a7facd0bd2e9

SHA512
5654fe70a8a187b018638680bcfe3780f627d927ff6a10723d6a31b96dd7590b2d49b079e20fc4af7b4996ce11b560c7d87757a909cbe732c20c7cf745680d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
1ec69ebeed33201109a1a42808cf0288

SHA1
6fa8a69470213f6b8191945c48bb7198c6b6fe2b

SHA256
22b8f828f3000ace6f2e4ab81a74b3debab8351cf3b8b3f0fee2269e2fbc9148

SHA512
96f0555f0a4c91e57900f7ef1447a232542d8a82a963e8085c1daebacd8d9da42e8f0dbff1f0393724f20d5740dd8dfc6ff8932a643ec18d9d1ce645d600d4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1827662eaf8ad00de6415f9c8bbcce9e

SHA1
ebffa598e77957e1776bdac0f7f52eb78633b538

SHA256
3ed7092f2994b20a925385fda1813b55748cc793747f84a4a405714b7adb4338

SHA512
531fbe0fd7c0d4c4c4168b0f11f5722d939ebc7013700b1c8ef23a378e450a09ff40bfc66ff6c68a1474e64c7b3f5dcfca012248a0fd3422f40310fad6299e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd31.TMP

Filesize
702B

MD5
5105c1bd858d1a6562d34649f8cf9aac

SHA1
dba129becb5617394db2ff976529631aef1be065

SHA256
dd1742326badc6c6c41289be24738e5b35a1812f358be057c0de303dc443deea

SHA512
551fee28d9fac706491ce48da4f14aad6046c578c6b08735755c4e620f815d15b69d3d745ef3e03383dcb02bd890d4cf50b3d59bc14e0ed21de755680b2fc784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4ef5defe99eb79df95b8e63c7dcc6ee4

SHA1
dd6310c4f6790f1e3ce35de9b90abb0a0abd9383

SHA256
bfc94d33c4e6b2b2de6ccc4f9db53eb7c54fa490a565afd51062188f65adceab

SHA512
462a83c039a685e44f12b7bfc84d20424ee5e35a47abb2f68aa96c9f2e7838b65cff56805de81d78eccc38bfe56937ce470398dfffe4181651ad9a9e1bbb9ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
81a58a63bb4ea4a4dea8e537d5e7d3bd

SHA1
a48f252dd30fd868cbbc41d2664bd764c757b90e

SHA256
d6953b332ba23131efd4f99588129daedcfe0e12fe2b22738a1202fa1cdbaf0d

SHA512
525b333651337c0749711635d8f74df7ee8485ce5be2642ed64d77d898094a79f115fa195effb0834f7fbfdd5fa5069c27a759ac216fb8de458e40bb34146d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
92f92e0d9fc832a109aa658456aec9d7

SHA1
1670de8700c07f6b3aaa11e66ce462d3508382da

SHA256
874585f19152e82dcf48186b00c02aacc77f915ed9db77986f44c2e51a773137

SHA512
68ebb9f90cddb830edc2b5803e0afcc8f314127d85ff67370955218097e00e5ec1845782378a56f2da87fd780facb30de506ce38191e833e4771522d0083194b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
60fdfaaa73aaf6c31f0d113315b95cf8

SHA1
9a42a5a3444953b6878315441b8d4561608b52b4

SHA256
246c7622115a71a7b7d0ae3b60e1e60a4e1d49d47e5a5bc26b5edc89d75dd889

SHA512
0206335388af0f506babe5486f525f998993e98175df6e80ae8ee6646bca5822a74109ef593301b6065d60d8d324da00f3adfa930a8719ace527c73c2b0873d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c2436382b8fde2ae0b136541ea30c6c2

SHA1
77542e87b7d3973a2a7d77ea5f8e067539996cc9

SHA256
59891b552f18e24a87a673e94020cb1fd8323a77abfcdfe526549d1146a3b3d0

SHA512
acfe949f1b32e340be16c761d1b6a306e23e8a5a1b76fe15f398add94ea22b95f102615e263a4e80ebe424510cd91e9db62bbecf0e64c240b5e2a2e62cfa95e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a3000d6dc1f151283fdf1fc69ffaaeb0

SHA1
87f0372195341539f854d7abc460981a33608ca1

SHA256
cb86fe583676b60eba25d8f137c9b6bc0f26620b79bb1fbd80ae9413f08d33f7

SHA512
a456aa9ab2d331cb19b55569107141d5e518c6ac67270a18c492c199c848d9d9e097715821e33ee58d715242703648e804617e7a20b9782b68af22107b4743c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqABBE.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqABBE.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqABBE.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e83ea324a193e22ca495c8970bfab771

SHA1
181685efabb13c98fd8f7f1e4f98c45339153038

SHA256
647687f13b50809f520c0660b7438b2d224474f4504ef55823f8624b3b0a8a4c

SHA512
ab7df682d2ef90806a06ccba77f3685aef0677154754e14f22bd4914f0c2c4d6cac600cc8fd151ea79018678f7ed672b9df59b109605a8721ae1ae82d3aebb1e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
10bde999863720826c00cefd603317b2

SHA1
4ae35cce5cd8c425ecf58a8a3e889ed19566a10f

SHA256
7e69007f65669a74a05c73b3bdd3571747426de80b2f1876eedcd618533428d0

SHA512
ff7cd3ffc0688916f3bf33ee9cb95d55aa7f601b7190ba450d366c98b7c1849aecaaaa5f3fe7692adf22d854530936a97ca78be23272cdb935d887b78366b02a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
97fd91fa59769089a593b80935de7a95

SHA1
c5b413b14b544854c71747e89bed80babe00737e

SHA256
6991463d1ece467886c514ccac20a6dffa3e0853ee212800d3519aca1b238a92

SHA512
c9e474aa8ecbf5e197dc3028968c7187722fb4c96b764018f5748c44843333d22e0605b97d6fc0b7312687b2006e58f1dd4c4df43d18147367642a6fbca7e0c2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
3KB

MD5
cc1343576ee495e6bcbff7552c1860af

SHA1
e6f98359e90d86351e0666bbe806b02d34658191

SHA256
01fbeec8dcf311164b7c35606109340214776cdecd3a21d5d2e6299ecdf31740

SHA512
3c8301c18489301ba510699aa4bf0b5057fca73f4f69fbd2743914d871d09f1e361159886abe2352d074fe4c72fd3a3efdda8b931614e18523ac2604107a82b1

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
9156aec3769379151f0547d12e11f7ad

SHA1
302260cf1a8dc154aa21ea53bed86c5127ae1493

SHA256
6412f547dbe83e0d0046dd80c0163321b35975d36de5b21ca10792b172a99af4

SHA512
a68c19ec7b49ff44b20460be0855f58d3be1364f54bbdb318634f4e4cd9cd3e12d886e6f83879f7af8312b71c3fbec7750c7bc0d64e6a85c95251c9de75ed9f4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
2d513cd9759e4fc5820bc5b05c4c1728

SHA1
a9359c32b33c749cc6ad314e5750c6f0bea1af51

SHA256
10406170dde37a6cc7bdeb952338cbacf37dbb7ec6ebd475f196584ee5af350b

SHA512
7123d2b58e0ccc611d10c3d75b86478cb74ef0b9f2c1d9eb7d90de434d83d429eae6db698e585e0c99fbf4d3074055035a33a47b433eba1c2f23f07fa519d9f6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
e8854769bda6feb562c456ca73ba8c08

SHA1
14ee629bf2b12f8a821be50eab0fe05f6e432f67

SHA256
ac3486b61a7dd91ec99cad870475e16547db88734cac00ed894cc43fc8202fc0

SHA512
70005bd74a26fdae8b6017484da1b157968e23460f71c816815b261b1906fbfb9d7adad4d4e11b47c16cf39561026af524e50ec29035996b16a570d2622c3e68

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
01e1bfd4e549fdf065e388c28184119a

SHA1
1650980f361ea21cb9b15d170fdd47001568707a

SHA256
12bc59fcd7221e34480fde3f5f63d35cb0ad93d74864d8a05629aeab35dbf9ca

SHA512
429e294169c160fa8f569af67ad2de0781353d9b69dd0cb1d3213a7557a9e6316b09c2cf4c4bec2516aa547b952123508cc5c6bdaa9023bdce8849f5df9b7ccc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
64KB

MD5
36306929f1ec04c8241fc566f2692604

SHA1
e74c4f980ea10351a23701860aa22cb6caa56bb8

SHA256
017704375b367bf3755dd9b8c1e7e9c2fc3efebac5f0e459aa87deba7ba39d37

SHA512
dfc3fa54c3f5ec77d5e25eda9f9ce63f7af047a41bdcb3ea46cdab9ea91a168d926049fa085d4824e88ec3ce8f3e50d50479688f0358c0f053643311a8fd0905

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.7MB

MD5
3a5cf158a6a2e4ecc149d16890a52fbe

SHA1
422936cae6cd3b2bb7af2f01b872ae4001799863

SHA256
192d0001b5dbe3ac1dc295b43705d7c9744e4748fc390cf3828b6d25e8d644b2

SHA512
ce26fc1b9ec1d5230dcbcd1e034dc1ab22570bc89b6ada23e02020072b60271b8d7ddeba0994a5db0e36e720cbb7b75b21a9239cda8dec119481b9578383220b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
9.7MB

MD5
1458d3cd32ca68c549ec114858eec879

SHA1
30892fd8dba85c7559718eb1666d121cf7ab9984

SHA256
3ed0c7c32ac5fbb0810711ea64a754ab34a6de0e9a67ad454d3f387671ffd4f2

SHA512
1b083e7c3a5cfc8655ef3a73481af4a730a3089031c44fff748b570d426c5f537b5e008587bca3d1ce157d9f77b5e35475c514b44a392ea8cb047565345bf3a0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
1902d5bf4e343cc5ef8a4ed19e62d05b

SHA1
05155bf02f09e0006bfc68500aa1b153cf97d445

SHA256
914299dd77f4322c99f62c37df1317ea3424d9a747d4635d10c1d3f003f6abd4

SHA512
402a252a79272c41a8a1a09cee236d184c83fa56e8d41fdb3c25d967440c4feb5f29adefce407434a4f203dc51c127f97c4f7a3825f2cbfa726b26be0b0bb094

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
256030be9ef4d8e57fc8755ba8ae3fb3

SHA1
9e4f0dc7e9f327dc4d5e513b8f3badd000153971

SHA256
2a559be2d40d83ddd642198e11ba301fa47bcc934270f1f8228e212ba340b84b

SHA512
06913d9424e23d02ce4b75c6378e6b9ba5a405f30aaff8c3a3b51290ca0c3fefc1c498c22b0052faf98e61d94b66cfec7965952e2e0b5e085a5a2b9ce32c8e66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
38e68e87a12a0d73a8e10822028a9840

SHA1
1f68836daa7e8c68c7908c0b49ce42f71f961201

SHA256
9bdfbeaa202debc1dbd835eae2c7c78f7c765de8acfa72bc13d73b0600b5c88e

SHA512
d5b1bd3fd8921fd0b9c3baa924e482b5c199e81f7ccbfcf3d9da19e9f249e4c42e3c6e052b24a9eab8ac296fabaf1bb7d69febb26f01be8b7f6ee68e32108f81

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
0419c3346cd76c4f5dd4c292d72c84b2

SHA1
0fee9363f7d180a6a9da292d6df4c4be32bea681

SHA256
2b4bf28acf3e0c54cc4f4d34dcde154fac1b88067c47b91ce0198ecd91963cba

SHA512
baa38dbba19cc4dd77a35a2152d2c88dda0aae90ada1cfa2f933d751ac970b27dc03e5b803d585476a3e9f8c6570f3ec4febc769d5c900797e9e9a749be0d72b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
143.5MB

MD5
97aaf0b3b05140163629e17f6a64b93b

SHA1
1a860206b99d1b13178cdfeb5a4f3aa0528e9d90

SHA256
5d15aaa6f7e4f40074262c4515cddd25c4f208634fbf8902880f91ac70390d83

SHA512
04834b5d68c1cfde22076d3721e560ceff1108eb4d0f65bdcd84967737786faff096dcefd30dedcd108f3586345dd2b45372fc2e828e3aab1fe754f392a0db00

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
829B

MD5
1bbfd44574d7d645ed60a7c606e6984e

SHA1
f1ac331d3af99c57ad1febe20b5f42f9ed2f26f9

SHA256
8d0941b19ff83f81034c3af950fc84f4428d2a273918babe491261b32e3b7d85

SHA512
9b743fc9b9786b5c10b3cfb593743ae8e5239dbc37602cbd945cadf41e14909c83897eee6dac505ec7538c8c15ce924994756ae41bf348fb1566da644b0dc0bb

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.13.exe

Filesize
98.9MB

MD5
1d189b171fc5c7924c9f4992131bbdff

SHA1
014ce1c0ce11e114a28280c9f1c74d990ea6dc86

SHA256
d485685e2c57dcc67d578ae658e49b9161a0163e9b4b05f887eb009f7493ba11

SHA512
876a5fd1406b023f8626fe2172840bbe9f11d372adf1db66734f4c8e5f5215c2eabd64f3b3473a8dedd6f550f3a271b7d131938392298c71c9441c3f13be64b1

Download Submit
memory/3296-1556-0x00007FFF88B90000-0x00007FFF88B91000-memory.dmp

Filesize
4KB

Download
memory/3296-1555-0x00007FFF88360000-0x00007FFF88361000-memory.dmp

Filesize
4KB

Download
memory/4648-1383-0x00007FFF7B6A0000-0x00007FFF7B6AD000-memory.dmp

Filesize
52KB

Download
memory/4648-1005-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/4648-1010-0x00007FFF7E980000-0x00007FFF7E98F000-memory.dmp

Filesize
60KB

Download
memory/4648-1299-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/4648-1381-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/4648-1440-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/4648-1469-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download