eternity | hxxp://www[.]pornhub[.]com | Triage

Analysis

max time kernel
1318s
max time network
1326s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 17:22

Sharing

Report Analysis Logs

General

Target

http://www.pornhub.com

Score

10^/10

eternity evasion persistence stealer trojan

Malware Config

Signatures

Detects Eternity stealer 2 IoCs

resource	yara_rule
behavioral1/files/0x00080000000238cd-4591.dat	eternity_stealer
behavioral1/memory/3152-4616-0x0000000000AF0000-0x0000000000C04000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.0.14.exe

Executes dropped EXE 48 IoCs

pid	Process
5920	tor-browser-windows-x86_64-portable-13.0.14.exe
4856	firefox.exe
5928	firefox.exe
4628	firefox.exe
4488	firefox.exe
5920	tor.exe
4176	firefox.exe
4400	firefox.exe
6036	firefox.exe
3596	firefox.exe
3744	firefox.exe
1468	firefox.exe
7124	lyrebird.exe
6476	firefox.exe
6680	firefox.exe
6908	firefox.exe
2924	firefox.exe
1484	firefox.exe
1876	firefox.exe
5608	firefox.exe
5512	firefox.exe
4656	firefox.exe
6568	firefox.exe
3796	firefox.exe
6312	firefox.exe
6600	firefox.exe
6868	firefox.exe
3344	firefox.exe
4644	firefox.exe
3324	firefox.exe
1524	firefox.exe
6456	firefox.exe
5272	firefox.exe
964	firefox.exe
3152	Eternity_download.exe
4836	dcd.exe
968	Eternity_download.exe
5744	dcd.exe
1016	Eternity_download.exe
6592	dcd.exe
6724	Eternity_download.exe
5556	dcd.exe
2224	Eternity_download.exe
6308	dcd.exe
2636	Eternity_download.exe
704	dcd.exe
6856	Eternity_download.exe
6628	dcd.exe

Loads dropped DLL 64 IoCs

pid	Process
5920	tor-browser-windows-x86_64-portable-13.0.14.exe
5920	tor-browser-windows-x86_64-portable-13.0.14.exe
5920	tor-browser-windows-x86_64-portable-13.0.14.exe
4856	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
4628	firefox.exe
4628	firefox.exe
4628	firefox.exe
4628	firefox.exe
4488	firefox.exe
4488	firefox.exe
4488	firefox.exe
4488	firefox.exe
4176	firefox.exe
4176	firefox.exe
4176	firefox.exe
4176	firefox.exe
4400	firefox.exe
4488	firefox.exe
4488	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4176	firefox.exe
4176	firefox.exe
6036	firefox.exe
6036	firefox.exe
6036	firefox.exe
6036	firefox.exe
6036	firefox.exe
6036	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3744	firefox.exe
3596	firefox.exe
3596	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
1468	firefox.exe
1468	firefox.exe
1468	firefox.exe
1468	firefox.exe
3744	firefox.exe
3744	firefox.exe
1468	firefox.exe
1468	firefox.exe
6476	firefox.exe
6476	firefox.exe
6476	firefox.exe
6476	firefox.exe
6476	firefox.exe

Registers COM server for autorun 1 TTPs 4 IoCs

Registry Run Keys / Startup Folder

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\System32\\dxdiagn.dll"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

flow	ioc
937	drive.google.com
936	drive.google.com

Drops file in System32 directory 18 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	dxdiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	dxdiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	dxdiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	dxdiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\input.inf_amd64_adeb6424513f60a2\input.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	dxdiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	dxdiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	dxdiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	dxdiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	dxdiag.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	msinfo32.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

Modify Registry

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID	dxdiag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 1e007180000000000000000000002f492640692fb846b9bf5654fc07e4230000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.0.14.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355664440-2199602304-1223909400-1000\{79B842E7-1A93-4332-A98E-064466983651}	dxdiag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	dxdiag.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}	dxdiag.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355664440-2199602304-1223909400-1000\{5A9095C4-F6B7-4159-B376-FD6E7AC3D8F3}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	dxdiag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	dxdiag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355664440-2199602304-1223909400-1000\{FFD0AFE0-273E-485B-B284-1BD108CAB699}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\System32\\dxdiagn.dll"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	dxdiag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	dxdiag.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "2"	explorer.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 427584.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 435300.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
776	explorer.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
1500	msedge.exe
1500	msedge.exe
2144	identity_helper.exe
2144	identity_helper.exe
2564	msedge.exe
2564	msedge.exe
3844	msedge.exe
3844	msedge.exe
6128	msedge.exe
6128	msedge.exe
3896	msedge.exe
3896	msedge.exe
5432	identity_helper.exe
5432	identity_helper.exe
6432	msedge.exe
6432	msedge.exe
7124	lyrebird.exe
7124	lyrebird.exe
4448	dxdiag.exe
4448	dxdiag.exe
5608	msedge.exe
5608	msedge.exe
5608	msedge.exe
5608	msedge.exe
2368	chrome.exe
2368	chrome.exe
6308	msedge.exe
6308	msedge.exe
5400	msedge.exe
5400	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
380	msinfo32.exe
3896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

description	pid	Process
Token: SeDebugPrivilege	5928	firefox.exe
Token: SeDebugPrivilege	5928	firefox.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: 33	7108	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	7108	AUDIODG.EXE
Token: SeDebugPrivilege	3152	Eternity_download.exe
Token: SeDebugPrivilege	968	Eternity_download.exe
Token: SeDebugPrivilege	1016	Eternity_download.exe
Token: SeDebugPrivilege	6724	Eternity_download.exe
Token: SeShutdownPrivilege	776	explorer.exe
Token: SeCreatePagefilePrivilege	776	explorer.exe
Token: SeDebugPrivilege	2224	Eternity_download.exe
Token: SeDebugPrivilege	2636	Eternity_download.exe
Token: SeDebugPrivilege	6856	Eternity_download.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
4448	dxdiag.exe
4448	dxdiag.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe
5928	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 5044	1500	msedge.exe	86
PID 1500 wrote to memory of 5044	1500	msedge.exe	86
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 4588	1500	msedge.exe	87
PID 1500 wrote to memory of 1064	1500	msedge.exe	88
PID 1500 wrote to memory of 1064	1500	msedge.exe	88
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89
PID 1500 wrote to memory of 2124	1500	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2d0346f8,0x7fff2d034708,0x7fff2d034718
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3676 /prefetch:8
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,9662505506307652882,11175242053622566925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3844
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:5920
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4856
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:5928
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.0.219703971\1030478765" -parentBuildID 20240416150000 -prefsHandle 1868 -prefMapHandle 1852 -prefsLen 19248 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {9771e54d-343c-43a3-86f8-71ad9e636a7e} 5928 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4628
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.1.1312136501\1125222755" -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 2812 -prefsLen 20081 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ccacdc83-268a-4f54-876b-e8bfb5331e44} 5928 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4488
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:e9fd163ec4848edb6095a9e700626e46f391235255eaabb89fb244f216 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 5928 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:5920
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.2.1713048294\526653047" -childID 2 -isForBrowser -prefsHandle 3428 -prefMapHandle 3556 -prefsLen 20899 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {42ffbcaa-b78d-488b-b883-c4f02aeb5081} 5928 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4176
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.3.825380074\361486789" -childID 3 -isForBrowser -prefsHandle 2992 -prefMapHandle 2996 -prefsLen 20976 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {9df0a102-5be6-465b-8a42-236565bc28a7} 5928 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4400
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.4.606395544\1457662728" -parentBuildID 20240416150000 -prefsHandle 3400 -prefMapHandle 3660 -prefsLen 22151 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cb35707d-8325-4036-8898-bd7dc7cf2072} 5928 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6036
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.5.1662123979\229305562" -childID 4 -isForBrowser -prefsHandle 2848 -prefMapHandle 2824 -prefsLen 22426 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ecd2e634-726f-450d-9bad-35b5a24b543d} 5928 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3596
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.6.1150599944\530491151" -childID 5 -isForBrowser -prefsHandle 4276 -prefMapHandle 4284 -prefsLen 22426 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c61c444a-2453-4a9c-9fa7-6269a13b09de} 5928 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3744
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.7.1485668344\894531914" -childID 6 -isForBrowser -prefsHandle 4348 -prefMapHandle 2832 -prefsLen 22426 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8d3ec8b5-a9ae-4112-aee5-498633c02b66} 5928 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1468
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:7124
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.8.664640407\1277451773" -childID 7 -isForBrowser -prefsHandle 4808 -prefMapHandle 4836 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {58a825cf-0114-4b16-be54-3f96550230c0} 5928 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6476
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.9.919433997\1456557769" -childID 8 -isForBrowser -prefsHandle 4228 -prefMapHandle 3544 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e50458b6-df21-4986-878d-cf503168e114} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:6680
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.10.505110218\1578848124" -childID 9 -isForBrowser -prefsHandle 4952 -prefMapHandle 4992 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f39f83f8-7290-4506-b44d-7de8cb33757e} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:6908
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.11.1893008227\1821074515" -childID 10 -isForBrowser -prefsHandle 4852 -prefMapHandle 5104 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5702ca98-7f2e-40c1-9e5c-ce88766841b3} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:2924
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.12.1394221447\61003879" -childID 11 -isForBrowser -prefsHandle 5208 -prefMapHandle 4352 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0061d330-235e-444a-bedf-4ecfac33ac49} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:1484
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.13.1008266942\846089700" -childID 12 -isForBrowser -prefsHandle 5208 -prefMapHandle 5376 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {6bc0366e-8516-4c7e-b158-2a8a31974fdb} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:1876
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.14.319547426\1332646519" -childID 13 -isForBrowser -prefsHandle 4848 -prefMapHandle 2892 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ee4a68f2-b291-4cbb-97b6-9234baf4d5ec} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:5608
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.15.929282493\775724622" -childID 14 -isForBrowser -prefsHandle 5196 -prefMapHandle 5112 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {03b3b6ae-c193-4339-a6cf-20a014f1297b} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:5512
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.16.1314140995\831172829" -childID 15 -isForBrowser -prefsHandle 5792 -prefMapHandle 5752 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fb7cd8d2-fba9-487a-9961-3711d1431c50} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:4656
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.17.621617291\1105267055" -childID 16 -isForBrowser -prefsHandle 964 -prefMapHandle 5256 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bc893241-0984-4cdf-864f-e39a667f5379} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:6568
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.18.1404944480\127870375" -childID 17 -isForBrowser -prefsHandle 4648 -prefMapHandle 5000 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {476fa0c3-8140-4972-b57b-02b7ad3d3e0a} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:3796
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.19.2006479840\330419265" -childID 18 -isForBrowser -prefsHandle 4408 -prefMapHandle 1672 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1c2728eb-753c-4546-b461-80fe2e354b27} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:6312
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.20.1660483375\1700496953" -childID 19 -isForBrowser -prefsHandle 5348 -prefMapHandle 5408 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3e7a43f2-97c0-4c74-9e68-c77f7a5e6861} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:6600
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.21.380300173\274978525" -childID 20 -isForBrowser -prefsHandle 6068 -prefMapHandle 5776 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8f6984a9-8279-48e0-b481-fbabd251b964} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:6868
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.22.1338292276\2019664973" -childID 21 -isForBrowser -prefsHandle 5844 -prefMapHandle 5336 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {851a522e-8586-4935-a111-c65f715efd7f} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:3344
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.23.1188091758\672792453" -childID 22 -isForBrowser -prefsHandle 6196 -prefMapHandle 6200 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1b0759ff-d9dc-455a-a229-e042a8ad80f2} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:4644
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.24.1782402614\1521791907" -childID 23 -isForBrowser -prefsHandle 6164 -prefMapHandle 6236 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {09af8a06-2e2a-43d0-bacf-5f8fba523a88} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:3324
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.25.45640524\832336249" -childID 24 -isForBrowser -prefsHandle 6392 -prefMapHandle 6396 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {dd97bd97-21a1-4ef9-97af-0fac17401c2e} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:1524
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.26.1174841709\112459679" -childID 25 -isForBrowser -prefsHandle 5276 -prefMapHandle 5188 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7c7dbd16-5aa3-4348-aea6-cb6d8f40957f} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:6456
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.27.437723741\642584349" -childID 26 -isForBrowser -prefsHandle 5612 -prefMapHandle 5964 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3c6f56c9-c9c6-43b6-be78-69aa8f640087} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:5272
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5928.28.114478447\424772203" -childID 27 -isForBrowser -prefsHandle 10504 -prefMapHandle 6124 -prefsLen 22925 -prefMapSize 243660 -jsInitHandle 1028 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {be87d424-b1ff-402b-a5e1-f0c6633517be} 5928 tab
        5⤵
        Executes dropped EXE
        
        PID:964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff2d0346f8,0x7fff2d034708,0x7fff2d034718
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3596 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1416 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1372 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7164 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5400
- C:\Users\Admin\Downloads\Eternity_download.exe
  "C:\Users\Admin\Downloads\Eternity_download.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3152
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6452912620444599701,69860751368519703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:4888
- C:\Users\Admin\Downloads\Eternity_download.exe
  "C:\Users\Admin\Downloads\Eternity_download.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:6308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault95a323cdhee20h41bbh84a8h1980bde21035
1⤵
PID:7108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff2d0346f8,0x7fff2d034708,0x7fff2d034718
  2⤵
  PID:7128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11586854702693846277,13494476682227576719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:6424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11586854702693846277,13494476682227576719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:6948

C:\Windows\System32\dxdiag.exe
"C:\Windows\System32\dxdiag.exe"
1⤵
- Registers COM server for autorun
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff19d5ab58,0x7fff19d5ab68,0x7fff19d5ab78
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=2020,i,4422901011031158430,6488055156359232993,131072 /prefetch:2
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2020,i,4422901011031158430,6488055156359232993,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=2020,i,4422901011031158430,6488055156359232993,131072 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=2020,i,4422901011031158430,6488055156359232993,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=2020,i,4422901011031158430,6488055156359232993,131072 /prefetch:1
  2⤵
  PID:6512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4208 --field-trial-handle=2020,i,4422901011031158430,6488055156359232993,131072 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=2020,i,4422901011031158430,6488055156359232993,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=2020,i,4422901011031158430,6488055156359232993,131072 /prefetch:8
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=2020,i,4422901011031158430,6488055156359232993,131072 /prefetch:8
  2⤵
  PID:6956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4272 --field-trial-handle=2020,i,4422901011031158430,6488055156359232993,131072 /prefetch:8
  2⤵
  PID:7116

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1264

C:\Users\Admin\Downloads\Eternity_download.exe
"C:\Users\Admin\Downloads\Eternity_download.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:968
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5744

C:\Users\Admin\Downloads\Eternity_download.exe
"C:\Users\Admin\Downloads\Eternity_download.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1016
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:6592

C:\Users\Admin\Downloads\Eternity_download.exe
"C:\Users\Admin\Downloads\Eternity_download.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6724
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3864
- C:\Windows\system32\cscript.exe
  cscript slmgr.vbs /ipk "Product Key According To Your Edition"
  2⤵
  PID:5164
- C:\Windows\system32\cscript.exe
  cscript slmgr.vbs /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
  2⤵
  PID:3612

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:380

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:7008

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:776

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:6344

C:\Users\Admin\Downloads\Eternity_download.exe
"C:\Users\Admin\Downloads\Eternity_download.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2636
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:704

C:\Users\Admin\Downloads\Eternity_download.exe
"C:\Users\Admin\Downloads\Eternity_download.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6856
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:6628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5696efeb31dc25545fa592379d93229b

SHA1
5307c80e8c39cc085bb7321410d0821d955ce47b

SHA256
414e55f2d9115f50cbdf9126fc4afd41a1a1dbb48497b346d0f0c296e8d3465c

SHA512
5ebc973adf01aa20572f020ed85abafa7b950acb05963a62dbf1957c04e5e94eaf41322637aa5f1e42e68262c43a5c5cd47e2cf084ac501059ea53d3718aaaf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5d251788e0ba2920bc28c5e770e7529f

SHA1
9ba67dfc6c440880f08f6193555fe2646d7ed280

SHA256
8e38f07d82aa7ce96ba7d8b1818533301ebe8533aa6d51c57c0740609bc6341d

SHA512
95b8db2c2612f29391f2bbfee35a7ec7cdb3c0047effa6e3284ac3e28ecb651d8c547799b1a586117ef240c0eaddff49dc6b9154090af857b5a9bb100f1e073b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
64e9259856a6110a22390f803387799f

SHA1
72ad3a1a741417bd65789f46c2856aa3cfdc21d1

SHA256
4e1c9d2d401c62056a6ad0367e9da9caa386477844bff8a46873cba3bfa05fde

SHA512
18f02294885a0bf8ade0a110d67e19999a5cedb9a86120613cd16b8b352a42b919eabf2aff05ebc61e296d5fb01eb45bb577f8004508697b9318e176041a947f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e8e02ec7-caba-4b67-a873-1d76ca950854.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
49375df73aef664865e6e9b42b2cca45

SHA1
97266340c7a1d06b6baf294f5cdbc1394b70404c

SHA256
7c8c166fbe9bfabfca92301616e0d7f791847d689d760817627ad55b2b6ba069

SHA512
4f60edf0ab4d52f7a3dfa34bff159bb7d3e1a1ae592df1c99faa0cb2c1d3a8060f308a0b987099d711286c53680288486d305036704500c4575dcdead6100112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36ab2331467ce01972145daa0c19b65b

SHA1
f2533c5e3800447fdda9dc487e5e8292fee859fe

SHA256
918b938368750e804923b0edebd75a608b800bdf7cb48e73ae550555367b90cb

SHA512
81ecca01aa7b5e95083404232843877cbf5bdf3c7588310205bf3eefa74782f74d1e029d9371135cb912b4a0a35573466269e6a6b5c330a2292b29b3dd937e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d877bdf0a674da2724c511cf3fed8a04

SHA1
518d898cae922c984419732f16be98113de880cb

SHA256
cf7a1d7f1eedf64e68971b66cc91f4d11f07e7920c46329a84bdeb1210a7b3db

SHA512
8817a9244734b979f3d4302324a62afafb5e3dc8ba19173924ab97cc35ddbdde54ed925b5484a3abaa50d90c66aba1f2e9e1f43e43a51d2114a5ba960ebade79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9d62947f86df35a666a94d9b45b0704

SHA1
2acb80ab4fe3709f536b46caa0e740f64e6bc77b

SHA256
a028e6b9a4cd4a73366d62bb443e83def23bd72f9d74eb0bf0d274de063202fa

SHA512
221bc837c716940b114a553d539a1cfb4cde7b06d507e9e01d62ee0d5dc0b9fda4370454f8734a6a6797c16e7301bc0968c035c072a69875e45e4229f4aa2709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5d5a618b-5319-4d0e-90b4-3736d6a12b8b.tmp

Filesize
12KB

MD5
c8cbf53390b39f84c83d1b58439fc565

SHA1
7ee7cf974569e10e86271d89f189903b2e3c3ca4

SHA256
86be8b7f5e04c6a94928cd3562828a52bdf4e04d9df2d6ec08c2f84f9c5aaede

SHA512
f5b918d55f1cf8845ed6dc103a70981f7cacc6b158d94e5111baed8a3c4c306664a6ba2f04300cd4a1becf7e5ccd57bcdd235c873dd62311211252e7b4955e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
19KB

MD5
bf09e313987344f3fb77e02c9b7ffeab

SHA1
41028f66f3ab4e73459e88e35d3de68851349008

SHA256
02435eecf5d349a45c63f3f74f6fb5d209ed06b171e86919aef4b94cf9738abd

SHA512
3998523363b4d01d23014a34ea1fba19ea68bd3bfc668b74cfb4c394502e072556237ea8bddcfcbfd1f53e2532d3e555e60fa4e42185e3eeddba32f1af32f380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
55KB

MD5
85fc5fa1cf53dfaa8bdaad8c26515dfd

SHA1
2639d566ecd3cc5805037c31205dfc2e8bdfba1e

SHA256
2edead03bc53fe3c5c95a20885cc7667e86c0efa5c6f43dc2b7a0c40fb8ce632

SHA512
64d5f8002983afd72f5e19ee9c8c544a289e05791d088a825ab826180bdec3768a688a92a4c74a74c7533c6c0ce217a63939096e56601515be67cc0690158e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8

Filesize
1.2MB

MD5
f950213c5ae8dbd3142e09496d36c41d

SHA1
f9016e2d078966366e2030847e10a5c051ebd6b2

SHA256
a5f51085387a791f59857b68302b8f17415da6909bb919579c0236590f40f8a2

SHA512
91bcd876ebdcac8c77b07b350dd527822d3f80abae2202c337cbb9f9ca787599446c8af30e97eb85ff0e9e873f42bd371658e018e475e204c3e35d2f59d5304d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

Filesize
16KB

MD5
12e13584b1ac411b7a4e359c54ca7695

SHA1
27b6dbca3bd232af15eb484f818907d581d467fd

SHA256
bd57a48b2cff56e5de8405e9c4a69cb6e14bb0055c1c8b8cda7c454d2a4c3a6c

SHA512
0e32554257b52c2945d92d8de1b99e8a983a6927f9822d877fe226c8d5afa96c8aa60394519922f0a6c20f0757c385f2bdf9d501116c0262a780ca46ca16d2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

Filesize
47KB

MD5
24edf43fe24e0e2e7352dbf325da6d4f

SHA1
26b8244d8366e748da623305c3640f7067c3c22a

SHA256
26d41b24cbbeb3c94bcbb52078ba4604564b15244e1f7a519d835a46101a7db9

SHA512
9660c8e0aac4c9061c535ffc8058d999b614e891b00bb60de16ba80a4910c79525538875174c7a6cdf430676fdb403ae63be39d2cba81518bb82e48cccf4af64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

Filesize
790KB

MD5
c74d91628b1ad64d84b6eedd9f7c996e

SHA1
b88dab7c50a8a65b21cbcc6cec903fd92f04df73

SHA256
3458831ddbe1346dae98c2df768c946faa4f5a1f356a64d9028598fac5aff3e4

SHA512
51ff90042a939af9dac4e4f7831cf94183feaeda54496911e535fadbc6f1b38f729a16344a6e5fa92bf90280a6b38a5ce7980842a73c4958e2b6d43a9ed2fd16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000be

Filesize
33KB

MD5
29fd127a703ea13ee1d9a4492e447c1d

SHA1
4550738e0405bae4e39b412dd09f0adcd1a9582e

SHA256
e33d4e1b7409ce8d8ba757c8805103527f12536818ff07264b5a65411d62df1c

SHA512
42268407a36ee94f9750a1c9bf8195ac7a856972d1a9dc4e7394221d732b1fd397c49b08b90414c053b771223efafb68702fd47e17cd069c175090028cfb9b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bf

Filesize
23KB

MD5
803bfefa0b5f416942c4b32ba34f4fdd

SHA1
6e7c6ffbc3d4e625c78327413adc6a80771d182f

SHA256
a8eb3ad2a19a9fd790359c9d1ac7430dc4d90f433e1515aa972bf639c4d3331c

SHA512
b024959bb9ba326495b4dba260546ed48446fcfa96a46595469c32a1e48f074a89984a6f460766136d42cff729613ce5c1049a949b6fbd92539ea43911539b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8

Filesize
38KB

MD5
82546723bf56e820ada91d87b19156b4

SHA1
45f3f91c7c4adae802f01162b368e04a35c71c31

SHA256
b3797a95e44706743daa6f6c71b4791729362cd98693cc91dbf190e61dc7ed2e

SHA512
9cbcd949bd36354fdc1ca98010ab3881237f0ac6f3a7bbef08a894ac2dc9e1fd74e536f5df46a2e5b0ee0ec537015e34c29d91230e7c9f202151ee17dedc7d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

Filesize
14KB

MD5
5d90ea92bcd5344e0d9b8cb113b406ae

SHA1
ff5f4d780ab1cc8c71c939439b9f6eee75a54592

SHA256
72c09b121468e2cb2b8bbc1b5850d6e33a57f3355853cf843d36542225db3899

SHA512
a985a8e23305105d10ec2972019d674c5cbf28e638506cf1647b06a95de2cbef712fabda3bde94f8cf965b3d38b63c10b0f4b59918110e0c2535a1a3bc289a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
896e89daf29de8277bce7c734d9bc22d

SHA1
1a95c4faf0ac82478c7b8132e9e31f0fba343df7

SHA256
bf7e7bf4f14368b0afeb881cf162a783edd450c014f39d83703f4f0d7ce9adb4

SHA512
02738cc2dd97da5ff87465f31a260e0a95f832955757976f4bb6ee1685e229a799abb8bf634277a5be05974c803d18cc8a234969c94a4b9bd500c3e2fe5265fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\096fae0c49b6663b_0

Filesize
4KB

MD5
2fdee7f762429c1892e70c935b4a6e71

SHA1
bd3810d4d27b4bba37fbd72521b91c96ec676485

SHA256
b3428cfa69c07337c0f1950a2f6fc97dffcdc5ce4163f7fa3348635610cfd201

SHA512
cddd3e924c22e40c83fdae25c4f640354be2b917f936df090cf77fa45a4cf256e5f3211fd6a97c2effffcad3812afebf91495a3cd093d1a931c51a542e446aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b0642232c5e45ad_0

Filesize
1KB

MD5
7c55c8fe508c2488f0b560388ca0a0de

SHA1
5066bfd7548d7440e7bdfb87075019a3b7475e2d

SHA256
f433a103dd4f54aec01f2def4bfc3721fcbcce498427c8d9f1a1f4d45b858aba

SHA512
c4b331c882c1ddab29f540686d05c186743bdf3f33e76a753a16a1646056660a874324ba1cef536fc064b4e12010cba3527da805b9d9db2b64945dd8d4864c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1897780b55c7bfef_0

Filesize
3KB

MD5
fcddb659fe9f4cf840c7ce227ea112e7

SHA1
18ac1a87030732d2d60af7b9b590de93ab05b38e

SHA256
1f2438d371d7d531afc70d6f0a46e07a83fd961cbc7a452f7fd42cf141628aee

SHA512
b6071039755d51ee70c0d4f5d9dea2943966ff9307fda5a2cb9a3e545c679ce1f2bf03d700a31a83d91103159eb303e25b7b3a5679699271d1b1495d3a47c1c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23c07bc9a5d23b64_0

Filesize
6KB

MD5
a9f4b986c206e8ce4f548d4ecf9a8457

SHA1
6564fd8a7c398b2774ac3a415582151d5cf066d7

SHA256
0cd4d84ecb9c9b1f5cc24a952cb5846047719128539e366b857e89fcfb1f4e29

SHA512
48f369db9fea616c86aa65f35ed1453023b33327dccf84da7b4257fa7400bee6b291edad5cdf4e0cd219f26879f584ebe0d40491d8a2e4418937925507c11638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\246a8b0680c1f599_0

Filesize
289KB

MD5
582d94080ceda3374c0e36193139f66c

SHA1
6e7b4d52f96ba66d73dbdc6449b42fd70a221d2e

SHA256
526b526fcfc68286a8c3f5b603a3fe42b667f33386381832196e8693bf7bf45b

SHA512
07f72f557b6cee9c87635b26d253c25573338797ffc855c2e95275e1871818a7047041ecb8930562c672f2940d37323ba36c1d7f7586ad2fe2bd9695d5d5917f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
7a98c0d10dff1f24055145151e964568

SHA1
9c4135d95f3e4c5169bb845150fc80c268fddc19

SHA256
d56864b5d3649d9edee7fe531fde7fcbf3648bb02b2d56449a8925815c635cdd

SHA512
57f16ffa4d6b2ee4060f6fc24ceece7da6ebd250aac2fa1c09646c6c9599910da558edb4ecf8581dff8049be7326d7987be2cef57d34ce1356b573171987e3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28324e9db7b11193_0

Filesize
27KB

MD5
b49d7a26507c261af3ebc5311622ddaf

SHA1
7007a8be2a282c1b9baefd0b134188e224ede2ac

SHA256
0a9de85bf1206091ec48e74c39405ff64e60f0c8204eda8fc294c542a2f9693e

SHA512
082f3b4615b58e11b46f273aca68da686efc4b7eccf73b665181a9955f3ad8b110cda95d2ed8cb9603e210cb597be868f4b4bf5552d0aef84cffe3b2fd4b7404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

Filesize
5KB

MD5
eac5438a8dc3ef6ba7365c73797cc30a

SHA1
e52c40cb65372df9e6eb198bbaba5dca46ea19ac

SHA256
3be2797631e7554945354001a45fae416801400d2de4b836c1f8c678565e6f72

SHA512
b3f4d17331d8bcf6082e668436b6a42082f7d2601e0783f322977b3917c84f662beb2e1e77f814f16b2cec6f024e2c2fb4648ef5c7ffd93b40d77e0f445eecc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0

Filesize
5KB

MD5
c8c2ca0a4632e4c1f89024881717ac4d

SHA1
2f3a8d6a43ab8ef59ccadef554e5f157f7838e2d

SHA256
02a3bd5e7225181c4cd72b830658d77085c18f62ae11cfc0d9381253fe5fa5ed

SHA512
ead02a21caa4801bd94e47d8771c9f6e8725f1f94f97ee712e4aff063d9cd799c6d575ed65c2bc02d67c4295a95126a5ecd8483c25a1d908cd7d22a36f2eacf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
aba79ebf7f9c2138690b81433c0ad399

SHA1
0e1937ca470e5d844a6efa8534ba522a3d0d43ff

SHA256
523949f0a4455b3a8dfb569ae0b11365dfbfea4b4d8692a3f16923e254ea2954

SHA512
1ca6d4a61060bdea8ecf342779f540a02f3deecc01408cab4ed3d451b95dde19db9b02dc76b6e40d0b630d9887cf7c49a86c27fdcd86e7c72fe176eeeac2f85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
45cf87569e36c2eb73c5ab47db56f9ac

SHA1
a618d2a8e34f2b0597d537dc9c62263b6150113e

SHA256
996b27170e2c90dea16de8ab5dd2ac9640a7ad5bb3aa2caa1242ad3ef8859ae4

SHA512
88bed7e81ef39af135b5e5466191da667c0014629aac97f852ecf2cd232f86a594a5f00e24b7e84a0212d7e8cfa392da7619bf6d654b853ce94e4008deadd3a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

Filesize
10KB

MD5
188cc868452ab7b8833b62a2585c3e1b

SHA1
e50e67c357d59d2c36d3e0fc86d4c47110b33c15

SHA256
e25a406850e0423ab9465b2785a9373f90f0e0346c49555d599c9affb63f06ca

SHA512
4b257216f34a855601406787cf93e61bd77fa2bf8f11e65aaec6f6cf4207cf66a27dfdf724538b0ca0409343ddf011c513d63b996389819e85e130c280a95942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c2185040c52246c_0

Filesize
6KB

MD5
52d43f52b0969d1d3f418b70e19ac674

SHA1
1c36a01c8aa84a69c76a07023bb32c7959fb4b31

SHA256
d3eb6b00888b74ad5b936a4ad9f4036757e0fb6e350e0924d20a731a92204af8

SHA512
90188fe5f116f8dd50f9c324e75586b36a898e45223bdace330151d5afba0c8390aead943280ca1eb3136839752926833be24ce91ce4dcc20597bc7dce05cb42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
5KB

MD5
d18eca1cd28eef4c9794690d993e01dc

SHA1
2b831e23e846979708b295b95f87c1e762cdd8ab

SHA256
5f973491f55f7b0d562b4d46d7483ff0da1cde2397a2238658bacdb2eea3157b

SHA512
041c7fc93df69c107224c212db3c4c4b3e93e3a9406477dbd2a0f576c7735e5f6ffefef2d0ab92e5b29beeb96773fff8fcac67bebbcbca052b187396dad47e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
7626f585b80edb6ecfab5a930b39dc20

SHA1
a9e2e4b83bdb747f4b4d4bb06e6ab64562080e36

SHA256
ab35f6388609439c95737d7ce7f466f7465116fec9d1386e8abfe244bda7df25

SHA512
4d28ce27d0ea8ae5706af631d7ff3800b01be61cbc494643e55747f6f174379d037a907862614badc935c877161d31a56e9a009f4278f00fcdcbc670bcf65b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f05d59e6df9a390_0

Filesize
26KB

MD5
37c7a98b73de31f7faab7e58bb916701

SHA1
6ad088638d5692265d4cff435dec01e34d51c944

SHA256
027ed0b09c4aad848f131530770aad05a2474d53168337eb7dfe32b264a7c7e4

SHA512
f71664d73cc3e21941763453f512fe07a47e2d3e9fdba8632cd8cacac97f0aa63b96da3375527db6bd22a160cb53d000948a498595869778fc12095ca00687a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\830344b2702c367b_0

Filesize
175KB

MD5
8e1cbc0959d9040f172a4807c1e602f4

SHA1
d1e954e34c9513d82874b88a91b2b43889d083ac

SHA256
2ee0a641cb31a5a31d3b9b277b2da714d9a2f6ebe718e5c5f610915ed90579e7

SHA512
e70785e54c6ca73ed34eb02d7b4ce00b7dffd712730b5230ff18bc7b33b1da22c9eaddae9eb43eb111d71f740a23b38d455171ff630dcd6fb132d25110b1f18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
ca6db9b3e53eb4e1f37864be1548ba60

SHA1
491a0dccdca9aec4690b07f1ebb6d5f443714df8

SHA256
4821dd330225edce46a7c385d91dc6430344415d1c2fcf3507da932c47cda353

SHA512
8b5d447439ba0e03def85155a9744836c1d97b7bf57aba5d2430a8f438654a4129bfd05dc0e36c63b7576223a6f018a5323a49ff6bdd36ddab51277f7daceac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
7KB

MD5
fc6b5cadc372393613cc5dd473ea6167

SHA1
b4b23e279c2d2fabd63379c906f65116943a6728

SHA256
cb32fd8fe090dd03375556ef5797e4b7714d0f024a4b99adebe33298242b9606

SHA512
5e1aebb0ea4209c4e5ca8978e9660784938a201a633e229fefd9405af7907c1a23361cb581ea85e948d5c3dae6ead84918120d3523ae0ae56c6c82a8c93c04f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
47KB

MD5
f91e0ac420a8506d70eb2a4fbb378ce2

SHA1
b676a65758997ace9741f85ca8f178885ad5ca07

SHA256
75957db787b8a45144a8b8053441fc5c6f867135394954b7d69709ef5d537ca8

SHA512
6d8661fd285fdaa710124788442e6a542e2f04644d73e3726bf49c658a233c8c6f5ec7476c0e445d17375acfda7c86c08f9e2673ec721f35e75bcf8e41a17899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac70648f62ec0e84_0

Filesize
20KB

MD5
beab9f20c6bbcb715edc5295b4e3180d

SHA1
78ee7608d2c8f3113d99b763fe475b774ffe6348

SHA256
cca0de30c0265556db0678315452aeb791f309e92e5e5030b1dec2085fc69cd8

SHA512
946776830e3dc19040fef7b6a89585153931a9feb3e5a02dfaf36605ce331c868d48aa06dfeee35c05f677b8157c562747506d10bf36588174862da978ad7b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
ce80d4bd23a827e236796792277c283e

SHA1
53153867cd9bc2adc56d3ff641b9f470ef84c325

SHA256
51a613a5ec8b42fe02db5d0e8fccdba262b5fc1cc27423ce11bad649e0a5ee6f

SHA512
603229626b1b42da4f5d27f318ec74cd32cffa03fe40417f3ba5ad86f393a422c615bb7c6089e4623099eece513a19bd368611d67d96a96dc640d6719f08b0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
68dd82eb678ae560f941570e9dfd8122

SHA1
781a6037858cc42cadca0f48586b1ee929c5cff0

SHA256
8153e73d082c8ce4e552b0a125b30d7e28868f12838c807c129dba3c46903d33

SHA512
7c384fe0dfb229c03256040720e8e7cf49ab20f113e5e324b9bcfe47ebcf3fc0c251a574e1d0d967dcbd52228153a8bc5cd9b6e93d653e975aa6772137bbcbde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
2KB

MD5
e464ebdb08dab9cefd91f7a65ce70193

SHA1
a5224adb035399009325f9188288c7cf75115378

SHA256
0c2a43028a25d875196be4c4b8ea4d371c86bc7d4ed8832ed981ec12c8b782a3

SHA512
4f56a52c0ecc94185dfd7628d0b9986ca63d608337c773aa030498722f56750c6e04c96d59ce0dc0e41f89623df06a31e07808e8e7719515231da705839c7829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6e860d208c8f654_0

Filesize
7KB

MD5
b4c223acb12093154ff4e727eb14ccd5

SHA1
d21a07a0eedbd18aa982bb784b1d484949a3c077

SHA256
bb514b4f43e4c7e309b0d880795aa7d501177ffa7698de60149a41645001a388

SHA512
e56c3bb9cd38417b5059226969c6944ca8bb22bf1854a16b9f79cc36f2b5ac74e173dd595606cbce828be48ed5eeac03c1cd45a8fbc6af913e1c85a7fd960fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
9ffce73c365502222f29e022a4d68bfd

SHA1
e3d6a68eb2f887319660646d69696e0ca8fc7905

SHA256
3741ce6942764f4f5693686d19b6d561dd2f58bd048d6a3adb2bbe9b901fb7cb

SHA512
5130de7beb7c831a0af0ac491ad2186441942525f87ea344471528b2a430773ab4d4aeaf5c0d92d6b579386fd1a96c3f3140d79ebf136c8f3bad7d35a4a91574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
c0940bccdd96a8c750f6a9bfdaca1a7b

SHA1
cdbf93f130a3717331b1cf689f66855ab04c36b3

SHA256
69fa6fd129f47d2f658daafeabf39088e61dad6d1d0a142a749553c6cfd09ecb

SHA512
366900089a7b100a3778a254fe4d28e40f20c6996013b76143ebcc37480a5ef49837d6a035987f2b82cecac61c48a0fce88114bbec2e5804aa2ee5965976dd88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
a2cb7efb2d156a317b588762e69f25ba

SHA1
6d5f860aaf7ab2aef2296df3e67e0b4b6f38bcc5

SHA256
362b2e6e61c80ec832f8723b7bb2e518f5cb218bf4334eaa3745ac169f6dfb8f

SHA512
f4df74db1582ea38e2225db2326f8867b74c58cfaaca1d2eb7106124f08e83400ba19005647f390cfe4479a7536230f335df959d3c466282fe77df829c5cb010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
b69f0cde5b6b6b47f118df438068a9c2

SHA1
17baa3c499b452a9be0ca2c5a16f94981970177d

SHA256
ed233f101acca337ab6a19a88428799405a2134ec6ca195015b4ac452fab8cfd

SHA512
6ef90c7bf7f8d3e0a18124d3fa12e9883eeedc00e1cf41e4715a5d48db48e1554a06d0614b1bdac85b0ee041153f1610848f7a9c0e88dd55c1bdf8fd23b22213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
5df7a38f323dfd5628d46909ecdf5b99

SHA1
44cbd7b46cfd9db13aed6b150ec98fd03070681f

SHA256
9b2d5047bf32872a54a2b82b7d0363944701942dd9647eb246dfcdb2ccfa5abd

SHA512
f1a731e509dce273659dc28470dd1c681df05b560546a4fb0d8de8bf00360185a82f4cf0b488bb1dbd37783028e4cc829f68d08eaed74db498d499ab86b0c43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
840B

MD5
840316e4914901fd513fedafb5b84d72

SHA1
e929e00ed2c92f49fc5bb544729f0532e728f95e

SHA256
10546da81e307bd990f00da0354a7f2ef3331660ed9a7c532b97ac7e2adc0321

SHA512
4a850b66fa7efcd70a5e2ef65aae4c039a90ab70714cedb941959312bad694a6a89f6e379a291981e094e375c33e97caf6b921b1bade7b798b86452bebb94aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7e09975c729334df21a4cdd2ea499ba8

SHA1
ec128035c94901e2352e80bf60f4fe5b5097e153

SHA256
46d2da0d9342d2a26660afd8cb0450f10d6fd1309f821e167085f89dd4b8eb22

SHA512
c879c56ff9c03f0ad00e4fa479d20383a383d5173b31bdba23ccc95cbc6dd3104eb2fbf21ce30f2d3642c0ceec010f1f85c3e14a6636426a3c32df3a408fef12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ad8b4afc5c74d31d38122bf0fd059f51

SHA1
7b0bc144e9d1957ed8fd2086a06b95d596e2b508

SHA256
f281c70895a5e916ccfca614bd5b1d51875f012f890aa69a0239a90ded62998c

SHA512
7dce15c5f94a59c9d8832a9b06ca4299b79ed1ccd050130c9009cf3e9e0a4d35e46e35567b526108586386210bef0f649329068f78035891d7d290d085596f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
589ec6921fc1cbe222d2e4db72978f3e

SHA1
e7431c23870626599e9737fc41e047cd0d3841c4

SHA256
b0374e7ee48da3c8fde878d32a5fc5731f10301bf51dea3a96e609c550a6c732

SHA512
1a1d98621460f81e6504bd5c4c87090cb231a1329282638bf91ac1ccae3053605f2cb082b8e9e0f9316e76370b0a4262733b4b968d4e67bbd236ff7a8a09d676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
6f2fdcea932799fafc1afcd0c16e91f7

SHA1
c3101a78efebc0dc4d05a9a029f7cbbd22e93955

SHA256
5fa7b91bb0ee4fb7ccf11bdd9ee54d26259008efcb4d7e19f3baa09cb99d1b17

SHA512
4a4bfe38aba25ac5454f43d749ab12eb28d66802297204a2d15f5c3de730b3589f66397383e5b3be685899c6d4ab2f464c90d296794d43d55463132baab68642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
7e2dc281ce1d2c663bf33645dac28216

SHA1
8ac160bc8eeee84b87b02c62b842d85993b26cd9

SHA256
73a25b632cad1fef39c95b4f111177572822a69d8c4cd55515eadc81ab99ec35

SHA512
c38959b0991e023395d3629845db31660a5dd3373fa01f0a73569a783bc153b7be86ad67cc1eceff5203ea94d3b9b8c10757509279341869207738cdafb90262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
290152e0ed798517dea20f930cceb334

SHA1
3b8a02e0e102511e20484be65be4240c853f2826

SHA256
450fcc4a0ddc20797c5fdc736f915421c79c78d283ac6f6c5f1309ac5a9feeb7

SHA512
867c92895eec9a90c9e71a38455da11e1587f4d78cc68ebef8551d42768773039f829505294e64667e52038c268cb093def79e4c6cb063d895bcd79dcb8631bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f03ed8a7b2dcd89169908d568cf993b1

SHA1
06df698c6056d28728faa8a39cab4b3d35fb63ee

SHA256
9b17a0325075c8e68020738ddca778bfb77619fbdcef823e27c1ced270f06a52

SHA512
8bd0be6871705c1b8dfe38e626161204db4ff9f50c614e1278a9612090e1025ee6526381cb4124ee3e22e512d33570b26a2c658d18cde48bf8b0e5748d16eb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
85a3ff5437c42d92947de6d984b3aed9

SHA1
c518c54fa8f865e9f1d9b45eb46f465d4048c03f

SHA256
c148d3db815b57fd110090c1e97ad50c6fae410c6e4c4f96a7aa2eece36e550f

SHA512
d67d3a456f9f756f27a8e65963940a12a8bad19a9f4a1beaee606a1343e1e293ab74fe0cd6426a97cd066ffb5bb04d7d770e01fc8a62c7a0939acb5b2bdfe163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
4829beb9510951fa96ebdf05ec187eb3

SHA1
32daef980a717bd9611a56b5877329a90ab6e9d0

SHA256
5bd3075c05fbb47eaa3c1ab10cd40b1ec3dee42bd419cf6cecb5ac0d5b9975b4

SHA512
8ba7f05eee5955584075e0144e0758c2f78f442910b1f427c716286b1db53f76e0b60f40aa51b674a86d667f59bb36717d954802e0cde8d4ae611a2938f5e3f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\0dbc1f4b-2271-4402-a8ac-99e3500ad8fb.tmp

Filesize
25KB

MD5
a36e9e4606a1a5ee16ea8104cf1a5c7b

SHA1
e9fdbd0d5e058441e42da0a9443c10b08b4501a1

SHA256
226522107a0e534d988a5cdff6b410f66d4f26b03ce28ea915041920f7f4047b

SHA512
12ed66f9f12dcbac9bdfa98c5ec58ee6d6abe8327cde11fdde47e838ad0dfc21ae37f48d0bea85d6aa126553e560e2de0433151f6a5d2dd3223850423f931ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
261B

MD5
aeae4a0fb6c5906a5e517a66c4166729

SHA1
79d1c98a2862064ba31ebeb7bc4a965dd0eb283f

SHA256
654ff58db412e7241c18d86e41a8621816bdd394cec679aa1b454b644b4aa007

SHA512
ef52f7a310a595d7ac004305e06211a07a13e342c4774bc5af1cc05f32d12db8ddca2e40681df157f76df992639da0b2612d9e9e39d7daa0268918e1044d2c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
b4a25402b9a0e66cf1aa84e0f80a7bb4

SHA1
149af6e8ea6a0271d0769c2c87bd14e18546201d

SHA256
226f048edb6abd827849abc51fe3f52b8900926e2dd7df6405f74daef8553893

SHA512
ed4b7b25dacd5123c425097b4271aac0433a8a8c1087cdf9b33f89ff787eec6421754b06bbf110ea13d2e346b6b86d4b791ef13581d17a436b68217a78b8413a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fb6fa294cb93d8318e4134f7535158d9

SHA1
f23a7073d0bd97812145dc4a07386c8ff0ab5968

SHA256
8502c151c817cf4cb355acd317ab5bd107e0bf75eb12faa2014d66ec8c211f3a

SHA512
efd9b07fcc54f9b438ae8c99c5516c07b8305e6a1723e5dddaac38c9789ba5e4cebba921e08393af95305ed7acaf22d89c96e3aa4107f2d856a448d9a9616189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0b03fe2f706145aeed0b8485a1251541

SHA1
c4b80e5aeb7322c2af899966ddc9746ef64d9858

SHA256
52be11f9a0b0295d4f2c9920b6479a991fc44dcf6bb14cd1c91922919b7f3148

SHA512
151c4bf7c9b81eba13baf6fb679bef0a373c4392be457b805893968e87c9d58899be1b0f9df3546abc7833e930b72380416b664f624141d1c8466f72332083cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
2270a6ee68112d4920089fa92c0228f9

SHA1
ce3d0f13c9477b55bd006baddc97245c404e3734

SHA256
14fcc0b3452c347e1feaca9b0c5dc89af6b9bf58860b128d05845f08f559a0d9

SHA512
2276b6b6d94dec595f40871b648d8d639539ef125a7dc261b9ae83347307a7550cdcf6a3db89ee3007a1e111ed7d6fa3817e1ec6c4ed009661a43a16ae2271d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
990e3e05b8c12854ebeb73abeb16e40f

SHA1
e4b36c0600a4cf89ef45577b438752d6568605de

SHA256
774990a6cf5701e18a65508e81cc4c37abf37c826e04d2da34a1977e119cd726

SHA512
4d00612f49f82a94988c4a77cd6cafd60692e50fbf76e9582735910291384ad65222225ee5e96463fe5cbe89a3330e8d189fc3b4044deaee655d6c737a2a78bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dfb3b195c88cc63ea1b5976051bfc61e

SHA1
65e2c98293306050d52b7c0a80f009a384e3eb90

SHA256
f26023642a6fabcd5e5b2cdee93d67593c229a963896933113041603797a8940

SHA512
4bbe702cbfc880b98699093b53e7819494e9aae4f5c8c67d9e8dedf1def14d77723f67e04bbdc3580f5b5005bb37dd82b0184adf74f36a79f6447fa5a2c58abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
90648837f0423ab8171f98f3594a9855

SHA1
8922f3849bd562aa582e1424c11376ae1bad417d

SHA256
d0fb91168f2d432b176b03e60ae16adbf41b69253fe2dd3ebd59021f55d64aaa

SHA512
4b65d16a288117450653fd42d1671ddf36d8410c9c9ca907c2207f1b844385f7a816b14f999dff3f1ab44ef65d61410e52b43427e783d3189918ec7e3916a4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
48e4189654d7ee0dff8b5902ffacf2e0

SHA1
1c85502a3b9b4a59dc5c9e5f206537494ee5b373

SHA256
e9ed630cb64b128a97ef0efa7bdb2ed99457fb2aacab2696217f2067be1d91de

SHA512
6cc9b9608c705ae3f7ba5ed47e0668994379d25935ff8272eaace5972b2913bfab492a2a2ef8881ec21662d3060d0a971bdb1c163e59de8332a875824c957df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
3779bbb542782d87a41e298d0af7fdf8

SHA1
6400a26598b54ba8324b87ed1b5bfaee3571ddde

SHA256
e41c177584cb4bd9e2aa577d11bf0245f67a7cb3dffd34466ad0dfee42fdf70e

SHA512
1d2973c5f75614308fba8aeca52ba953956bede164a24fdd0ab76db9ec39693642f185341fc59401a55c67f62cf08efc5fb736d8194f6c91ba2712ee7dedf0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
26b7561e496dbd1988bcc264d5cd793f

SHA1
1aa140710f33d7ff495116bc1d3f80c08581325a

SHA256
adc521a08616b93f4d25c5d9d13f42f2f8b094fd5a1927b2d5906157cde9196f

SHA512
509d068d02c959e2fd114e58eec799380b4f80678eca161b837d773290264a44e6f84affccbf53fd48f5540824ebd0beb3c78e9368f0af5a6734be95b7181f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ab0fc2af643f88f9cc43e5f1d3cfc19c

SHA1
64baa793ecedb6b21747db56e328ba1660086300

SHA256
842588500b726e37d844d0d1f206dae82476ae624041d683078e6e3cf042350b

SHA512
897894c8fa235956952f8da32106aaeac52d4203c0316d5db7751764cf09385361859d5d2c393837cc5e9176aea980ce7ef62901afaf2c2992c8686e250d13a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4d83218c69c3d2e9b1a596015a7a136

SHA1
9c3e25786dfabd4b698d278453479fb4db5c335c

SHA256
4015f74205279fd7fa030975efb3d076d51457c3b674f32c540ee03433527ca1

SHA512
8718267c06636a2eb7bfc9d88a3f76ca76dfc330f80fe243dbaca46a869ceba7968781c92c1379cac990794b2cff2bf4c8405a0b37c52ca21af4ff9119b573d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ad604ed8cf46da79dc096d3d6d7b0069

SHA1
0f47416857d3547a574eb80b7aa8be6d426b0d0c

SHA256
fd48d1df28513edef21643739c2c3382fe03a5f3866401d74e809ffb83843f34

SHA512
8636ef10c2ac7a4bfadf2bd02efa17cfc800cfd6b6c4e4d9613870c0d7bc6109f6f64d2b45e9360e64e8ea5495f67f26e642317a009d5dc7511f4ccdea3b3f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
daffbf5f7c3d34fa60d91537c91b85ad

SHA1
3f9a9b27982d6590120ce571f4a1a7758d3601f1

SHA256
0c9f96378cb9de99059ebb6545afff581d05f0cfbac329b6dc5b5b4f2e238b3e

SHA512
9a64af998b13ce546a145795e4cf9f485c8530eed803c07bf22212760a9bc726090cdd13f1b3fc3c81499e275ce04143e66636707699889dd6812fcc3e03003c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
baeb7e8e0d03f386432ad0de4c35fa14

SHA1
f1831b2656ef22e874ee0754177ffbb2430bfd9f

SHA256
d357e662be7eb87d21be361799e17a5739c9e8f8779f7913844f9a18a5b74f03

SHA512
2d47f9c4f02ac91d4379323f93f924c7d02c4553288b19d256b3559dfaefcb28c142b256567e638c24676496b03eeaa845c369855161b4e13d41f10a3c23dd9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
16fa085a65d6f68a97b35e09805cd8e4

SHA1
3b705a12d184f74ad6cfe193b42d86dee56a47ff

SHA256
281b968ee3c0c8511e0186c65f30d034a69927e4f11ffee7283cf9d8aa206e0b

SHA512
98a4d6e662de168a720b2455b10b8747b6bee658ce5d7cce3e05cac361d5a39734b35345b64c0bd46dae56e2a36939a1954a70489addb09f428f11643de28c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f684061c5704df0160f22f63052e4ba7

SHA1
17a254c4d472a968603a1929e73f81e7f07c41c8

SHA256
77eb8dced11a1321d35fe0b353192d4edc32466d59429bc36cf37226a9a5238f

SHA512
fa5bc95efe42a1e399a948c607c60fd954d855fb42be5fe593bb14ee9f98cf603cbccc2ae2146fabeb2fc0406bd52eee8d26d46013ee738eb42baf6359294735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
8e3c96bfc87688aeeee108493cf8ff82

SHA1
aa9bdee6a54ee75992e449b5c9705d90f9d8e8e6

SHA256
0d55586f4389fa15cd7a8a92f0748e9a1540492953eac1d9141ae9deec8336ce

SHA512
ad46c3739ce72e90bc8d998f502498007db382f93aa215a39feab8008d71247a0cb0c957d417f5e803e911a10016354381f624d16064fcbccf010846280e2057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
007b9a750e7096e5b64e8bc02265ae1f

SHA1
f525ff6610faae61573c80d3fdfa37fe6b502b60

SHA256
4b59c7447afef2da19d54948d8a4bfcebeb642b05603ff97f941a5a7942e97b1

SHA512
caf9155e4d326f92f50f3fcc5e9be458cde204c833d196e72334c2b11ef4e62c1dccb84040abea2d8fc46784facc5929864a369f5b0bd75368830a9dcd5403d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
62bdb440d25853d75196f53aac45bfe5

SHA1
2b4f57b0173e55688d03b049ee0f2414ba52b91c

SHA256
b26776a84eab0a4a49145ae63c07de1e37de3c8a13da07b7dbb1fa8044f5953b

SHA512
6f0a9520e0a6b3bb6a8819e21012aa11ba53d3a5db45b74f1bb5b05c6925936063150ab9b1cdbe3c528466bb337cedcecbf2ef9b190a15115a7cf33f9f60357c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
15a6466d30c567aaa163499727fdb201

SHA1
d6cec59ced3c13654a17b4dc330ce88908b9741f

SHA256
a142aebc996e5b72060f5a8df01c95a382ca3acb38d4cc21880e9a7f63417e96

SHA512
8fdeab84879235956813b1b0ff3e1bd3067695a9a816368203262b433e19bd2ff9af58e1836d94497e09d9f459e643d87ecb50fd13ddba2ce45481262007fe20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
9b02e4c0d5fb018d11ebfade456a83be

SHA1
681593e967de09dab2080aa9d534a41d92ec7412

SHA256
644117161e5f900d0aaed0ec126792de7944a2fbf3042af864b0a76bab7bc351

SHA512
b6af921be967121b9ac5df254b0d3952fa262a21f1aa9b77e4478c5bd6fc6f36ed9e9f28b44215e267047f5a2ed482331cb9c16368f1f887e48ddb50b53f3b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b9e2e7a59f97744078b229b166507816

SHA1
8b2c87d5e2a26239bd83df9b855f0c9b2f08b30c

SHA256
b02a1762c1c381dccee5ffa4afc36846e48a04cb6e696196c85c7fa1e1ff1413

SHA512
e55798e9b826b74e99169b28f70938a6e69ddbb999982d03551102023e6cf37af59ce8fd6fe657b77e56f9defad13f0816c45773b5cfe58cce44d4df2970b0cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
aa5db8ab116e4a63e42a1d59437f61e9

SHA1
74facab62096435f31348218ed15833308929ad8

SHA256
8815802d61582b95b76af9596a0fc8cefae0dc4606bd46fb12cf1e14e8bc62e8

SHA512
52b58211d7a1d1ad9ecb940834f476db41cb4f52c5a2b9ae5113cf7016487f0f0e6907a98685f5a2f8f561c59fc71085ff34080b8976ef9e20188f3001064a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5b187fd-bf0d-4d57-b7f4-113d18222918\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5b187fd-bf0d-4d57-b7f4-113d18222918\index-dir\the-real-index

Filesize
624B

MD5
cdbfed42e10c8c0e073c6c5dd2d2fd2e

SHA1
e1065c09547b0498166d54602c6cdb36a6b3543b

SHA256
a8bfe975752b1434d954ce89753d523ea6d2cd453c827d74f1dfba6e7a802169

SHA512
4c5028d2c963bc4f6ec41f89149e9772201b76ffbfa932ff4e586222a3e1b2348a3d95e6a89aad3cba18e07d802714c72cb9c6363ff08716b52bf8a9268d8130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5b187fd-bf0d-4d57-b7f4-113d18222918\index-dir\the-real-index~RFe65967f.TMP

Filesize
48B

MD5
480be7f2705b7e6d61e0a58074b61059

SHA1
cd40013ee47f8b4ce005961e908ce8ea57a2216e

SHA256
9429ef30f82c326de40715499bfd7430443233de4bfc39889d2e608ca483fb88

SHA512
a45ca31b4ec642b61d789a1f89b3e985afaad673399596a7528070a80dc26862cc30a700f5380b52da775d5aeba2a66b6f5c9fcdb56d8a862f7d2f955effed96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ef8f48b0-67ce-4ca0-944a-7221e44373a9\index-dir\the-real-index

Filesize
2KB

MD5
daa00ec1ab6c15080d4d28a329da167a

SHA1
e6010f102110ceff8dbeac1dd9fe8d1de557a364

SHA256
7a6231521a8f387b5b1b1c68009b16182f1c30b5e05ff1dece2f078adff6863f

SHA512
561490efb794200903a7d538500d449e3cc5b306c8563f6254edd75f5f378453eddeb8284bb72ab6515455e6f2dc1bacd5b7efb70189197eb8602697b3d883bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ef8f48b0-67ce-4ca0-944a-7221e44373a9\index-dir\the-real-index

Filesize
2KB

MD5
ebbd0330a178119e1706181d830b5485

SHA1
5bab1b7c5afed123dfed350589d96458e270ee64

SHA256
8cee147f0f67db85513cb7514b88a47fa383fe04f3b366fcae3131ec4ee3d549

SHA512
b7a830cc7c2547a0f6592ebec5dfc31301887308187b29261af370b94362329b974a5b683ea4bdb9137925509f5e7fb54b9e94529746c4111ab94f617df07510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ef8f48b0-67ce-4ca0-944a-7221e44373a9\index-dir\the-real-index

Filesize
2KB

MD5
1c59d0c69b83f2e6272c0b5c9366224e

SHA1
f69ba69dc9cfd7dd212a4641cc97654a966fad5e

SHA256
f92c5171c1848bbc14f6abb2b15f5a081d8d84097a2292ad370dc095c28863cb

SHA512
78b5f1aa61a71478e29b1c87cbe7dd2ebe807401242dd3948e747d4d568abf6f0ffb0495c412d500ac24eb2fc66c04cca8630467cba3c11647ecd03b455fddde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ef8f48b0-67ce-4ca0-944a-7221e44373a9\index-dir\the-real-index~RFe65bed7.TMP

Filesize
48B

MD5
f56d6d99ccd7eaacc53ea41519d3e5e2

SHA1
5de2531a95eb12c329f8379d6cb6b0fe38f0c20e

SHA256
c481a231ce3de93b64c0f865591f727fdc750829707e05f9db9c668eb2361679

SHA512
95728086670995835a4ad65fdded9adf9c3d4252c0b9ff7fee3283a25f3bfb3e1488b4e6c9d2006fa76cb24b23fd7ce5e9c6e4d104661d60f9edab21023236a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
d405a33025d48ef7f31049d46f28f6df

SHA1
b6897b2907324aaa9bd9506ecb96c09d3e57f8da

SHA256
a2b1b175d27da67b0263631ba7be79ba574e235523b236b262fde51f677dc830

SHA512
fb20994037e46deb936741466ef122bc4fec7bdb258fb468dd0ba8713462e81a36db39b1a0bd2f2ee29d513e40bf0aa1f1e4e53d000819c7a46ee16814c83e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
31624ef9a7c467418a3d17e89357b357

SHA1
b4e78d87ae5d735027ea472d20eb40a71d81c158

SHA256
2b453943919e6301d47868a2b7076715c7b2c24d5398110b16fb4c0ad22f61c6

SHA512
76b50077970b9ab6798e3cac91b6e5709871fdf9189d87d10d2f1fb55c49523991a503fd52ff9214ed471f138b30a131c636ed71ec053c7de5df264719555397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
9f36a139743293302bf4b1c8938ec596

SHA1
9289877a733c3d085a7ab2caf0baabc9a2651f22

SHA256
056d83c5ca93770101e93927e0947b908e4d53827fe5430f953f2e46d8361d93

SHA512
454167713fd3db041324a986e5e09056e542b37a2b3bd259c52b50d5b1ecb227f7cf6b3381efa03e19104e5c40bdefb0be831b8d81eff687dc5dcd49babdb07d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
4bab02eaefe0387cb2e3f50a2e38f88b

SHA1
6e52aba2832e5f1e0361e220f61a5f22330642bc

SHA256
b8fa3b67bae7308002db2c37bb75cc51014244e08dda1c9634662034f354507f

SHA512
dc0bea4a50d681ab1de4c5d51f695e0f7eb01d67f6add9569f79c72b0ad7ef1a342acda6731f289910b640c74fa8eb57ae6de5214a7879eadaefa830b506394e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
32852c29ebf950b2a33abe561a2bac47

SHA1
5eebe9dca590b7a4c1e8f82a6154df6539c6c8cd

SHA256
ff2036569430aa11504714d0b034ae1dc01789fe0cfbc89dc2d751fbeffa82ce

SHA512
bc886c8918e72c9dca5ac675ca4a40255e6e7fe3aba2abaaaf85c9ea34201f91229d01253db413c262e78ff1f87129b845cf0452c3f190c878dfaa152690d408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
194d76ef80c01a74dfa4d4dc71bf0ddd

SHA1
cf53f89d916a047dfd6414fb01a6b62da7f95eda

SHA256
93a66565cf89c3851c2f8fa34eaa3c3e2eef2229579e6126fcd949b7bfc60ffd

SHA512
673c5de5fb63bb362dbf0eff94ca2e42f20da489e11afc5a58bbd334d0389199c66f4bfdc476195755eeba1e47a1eab3b630b232214309d177e9165d8799c065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
7fbdae03a2cfcd4ad82d339eeecc856b

SHA1
a5da9f42f27488390440974577ec1899e35333c5

SHA256
3e52cd07c81346dc6cf41c7d1ad27db0e2af899723885923104b93357b665d34

SHA512
678cc916e359bd60628a20816882644364828c0a3bcb9b0b1e614ff5f926c0dc4b2095491f0da2e4d80ac0a1420a53a8a37e77011b537c73539b5d40ba0381fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe653d53.TMP

Filesize
89B

MD5
7efeeb0bda539b0515a3c47a862ae7fb

SHA1
8ad42297ddf7bc8e1bfdbb7b3807702027e58281

SHA256
a2070314246d1f8a50fdfac37b0c3ec35fa889fb9da42588f68dd0d7f07bd888

SHA512
ea113a1484a457867ac6307aefdb9b1aa0a67b74151f1b3b08a40974132a9d50045bc71aeb64377f802d39bdf0538ba8dedf0112915313f89e49438d77795da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
873B

MD5
f1a423cbf7c568361f04ca6929473115

SHA1
57aa8b4970d6346bdd1a06fa57a631da8ea25092

SHA256
6165399a8593734f98d4541fec1a83e4b96f97acc8718378971c50fa228ccdf7

SHA512
a025b50bd1cbc0a26b26b4e91809cbd515ec3e9494b57adf6cfd83d9d23f35876b7c91289e379f6575f67bbe3097a61d03559cc7b0bc25661e743dfa590a020b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
ca88f7cf50d5b1df4289b0a83be54a2c

SHA1
0d17ce42109bf6138d7fc7c08b892455df882225

SHA256
c86fbae6c79c1e0910a916739918c547432be7e322b7a57559e5b3fc3f4efb11

SHA512
8ae8254d75608fd82a85ded89b8e9944a3832fce39ec5bdb6dddd1a415242e3da11f3ed8097d671f4afad1a1bfd164bbb1a8092e391863fc55dc7d4a42a560d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
161KB

MD5
dd38bdaa869c9c7c10cae4e92fb402aa

SHA1
512a56f4022ca4965fda75105d43a637a5844802

SHA256
c1e82d7ec5c1aa23a26b0be1ba440f77434f953d5e5cc49dff1efa9814ede9a3

SHA512
dcb2cc5f268beed90f332409fac0eaffa464f578e10a12820d8499604b68b2473f64de5e37a8d5ed18ba54173295c4da3af09935585e85becbc85556a4703934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1

Filesize
392KB

MD5
c8d2d3a6364232fc18050f6cd72764ff

SHA1
adba847257042f4e9cdc77719b702d43299a9a26

SHA256
f311a23e80ce8f0c6d4f105c320baf85e374000f3adbc5f7f625bc5d6d6cb03e

SHA512
ab37ef341cf1f822bf7915f18c0d4ab1e39431525aa4f8f9d66511d5d412b4cda9a9507801ca06b6c0e0437d603519b88891e2496e6bad8f49a90ef34ebb6d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
16KB

MD5
7a5eb1d32d5e7dba199ac4199e6697e9

SHA1
c9c23e8c4c3eb39884d45b6eea4cea97833d486d

SHA256
279d49784bb7070c33ecf4527f820e6048eb3a5f5e03339c2950957d4fe813c8

SHA512
8e447ca8155e625b800c04092d7a1cfefa9da5b7e9c4d9cfa29cb15c1e93e7ef672c69c50b67d26eafedf1844cefad04b3818d4c0ab57f3cbcc92c3459024ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
10KB

MD5
85ac3afc5cf200ddc25380c25bc8ab4f

SHA1
9d4ff2bc4aca4fa01234a67da9c7ba0a369ba5bc

SHA256
706e405b261e2d2ba05a621802479ef0c46a32d16bc48883eec603e48a7a92d7

SHA512
5f97a6a6179bbd2f9ba41c40af440c36a4b4fe6072538574d7f6f1028d4b85036f9ceb2ef0be95ed4474e6a0e451b644d1335789d0c9355f24833e4cc2faa660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
b2152f413f8047706738c7231cdc7cdf

SHA1
a54f4025209c6636464fbeb7cda327bcdafdf33d

SHA256
5524ad1682f86da74d138147a981ed6e7aae1cc9f862987b86c7126d63d56574

SHA512
9ded8b7e976112d3f0773f8b48c20931a2073b84fe48af0f3b5247de15ba22d5a0137d7898a9e9cf39e88c334998d714d485b073b7cc4cba16d23ebde93f1130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a81522511a5cc771da8064dbb65e7889

SHA1
7e5bcd366e61e4ba1f5a9b428cccf78d0e2571c6

SHA256
b072c796e136ed4f8e44b582e77073ee58fa50374cc77b19ed76b51f4e466e5d

SHA512
286426cafd10ad6da9a218491e2316cd83ab54d6ab2e346a41ffe9149188b5865a1b7fa068bb22cd75d8143eb7422a733d0ca00178fb294e7deed3cc5073b354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579e82.TMP

Filesize
48B

MD5
93b24425640142c6dc1ec14324d2d3a5

SHA1
593ac6e2fcc7e8805f08a78097e1d0f44b75b5cc

SHA256
1e371640b714ba8a50691904c33a3bcecbbb8e13c9a3a92ad7a55779b69d0408

SHA512
5791c9898b57fda9021d9e5a3a6d8c5c529f1531326a7969f3a8591e17248bfb1c2957a053d08bfabfa5f3f0afe8e3a4de1bd6214e5bde13bb50a4a6521f32a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
7a3c242cbba211659365a9c885e2020a

SHA1
0b217e4a0038332485228e5714999f05ffe9f22b

SHA256
26b4c6684a702b181d085ab7400425e712aed681668b6f3fd5401325b5fa10c4

SHA512
e1acdfbf6e494d48036479c1277bf55dbe26b147ec6ec04fcedfaa48ae1b359eb070ae8a7684835a886742444d09cfb348fa135ab793d9e20324ca7af5c1c132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358107342420516

Filesize
16KB

MD5
fe81fb7bb3aec0b336afbafc7d697e7f

SHA1
327fe05df8041897c66db20dd109c0fa62299a00

SHA256
577d4a90c24ed8e03d2daa5babd02255b64635bf96dce360a400178422e08cb9

SHA512
f6ec12ff2aee9d722364170d221cb50fcbb97b1a3b91801be9c62ba146e28b71e3bd94656e450c41fec88490272a009806dc08ac7c8dfb0f458536cce588337c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
6f5a39cdce2c2dc6d93eb7b47ee03e0f

SHA1
5a0f052cdb5d1c21bdb46c672b6bcf54831fc81c

SHA256
aee98741894988444c5995047ecdd3aaebab588b44c582e2f0dd3fc86043ad12

SHA512
2e7df6b6c9c042b47d9ebd1ab2be76398eb4b0fd88a76c568d5ec89a896b1a8b58a3c5dad0374745f777fc0821f62d51f3a9aec9998c2688a11858d4106aeae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
9f1e11baef29b5502c9ee270ca34c06b

SHA1
943c8ba26414f243c5c46372d7ad9867696abe74

SHA256
8ee4847e34f6e979dff8d63005c0b074fab49353a07ab19c694618fd0be76b0f

SHA512
ed99acde14de7bd8ac2faffc6941eb4e7b1fcc86083e08e6e8edf84d46d5ba0dc57e17e9cfc7930039aee71c00fb5c9b3a8874322b5bde8a45ea32b8258ccf69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
a6202badf7b5733cae1474dd1ffe8c42

SHA1
b4c208c3d84ebaeeee27f77277566498dc3dbf3c

SHA256
d231be989348ef79f871ec50056e6b86d259072256d4b4e3e685bab460a398b2

SHA512
61d327bebf692ffe5baffd4eaa7ea4364b8653149b397eb7c489215b8cac22cfd54e7b685ccdbcf722e2895f4cc09fc38ab887c92fb4ae513e63248281be1562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
23a4f2c20655860cfdcbefc637b52b1b

SHA1
34bca7985b0766dad8a6a59fcbe583bfebfb537c

SHA256
bd5659a4aee0f8152fbbc113e8ad7b7ab9bb2cdd4fd8f88ff94333aa7abb86a8

SHA512
1047b9be158834e648b689851004151df1d09e229c7343adf082dedae5952639c61fa1c143db76bc85c81607cc317b178d2d7c9c42de4d846ab1691f69326931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
235cfb89f786d4886ea3b51367b2f1bc

SHA1
3a3673cedeff7c3953435a4514b19c9951fdd853

SHA256
025b948196c33af0d7fb684680760f0ebb712ba5ecc8daef7ae2e7c8c8d7535b

SHA512
127cd26f8575e9692e42412fe38382a37e46138c9b86ded8e4ffcf5e160b92483b8e0ccfbdcb0be0a79151bf65cc418fdc068c445814b459a6defe9f351c25b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
137b7db8f0eef10ffecd568819141236

SHA1
101d4b9721518bcaa5183e3edb7348cb03d40c00

SHA256
b806ef52542781d858f07d8037fd71b5c41db5f4d9135a399d16d3454f4ce253

SHA512
8a1a434ac6d2f435fe2d211c3741b4cace671325ce0c455ea0fea62e1a15f943b958e4181ca961685f85cb8951b6c59994c23c38a5dc91af81f3c429c48abf42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9d939df34ef715948ae8a30372c8552a

SHA1
cfbcfa864b0fae636f9147ceeaf02418f76cc13a

SHA256
8487cdbdb15ee469a3026e763111b25852a573b4c5e09215abd64a9da14661b7

SHA512
8bb948cca14d28ee5bc6044819fe127d524509edefd265fbdc14a253c5072c9dde20cd071b02ff6c80123c0b0047714e3953e54d9682da4243d5ccca857cf1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
af56f6aa0d54700c98ed05f92d827d03

SHA1
ffd4458ddbe87a272b97f58eef36be3469e2531a

SHA256
adb55d1298246622b5f5dd3826368fa94797c347b34d5bd3e36d79d0cb31bfcc

SHA512
51e7a64fcf457c4cce4f4e246238c8abbfba93d66694722f34549f4b2df105916ea5bd949897830fee3ed6543aa03e7302da053bf627bef9f39c4ce1dd9fd44f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7ddaed0a09b8473279369d8acc99ed21

SHA1
e397d721176d71f334dd7756f4862995950ad311

SHA256
02c866e5d8090e0f7ffa108532773782bbab4bbdacf3c87f148a8fd838d08d3c

SHA512
e4b814045e61992fb96b638d1900f09b11a31ad85329e6cdac0175ba04939a154e4f0518c30d92c646c3bff51760c9e568f0b3d141f5a1cda29fcb0c09167292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e7f5774f02b86f3bea5d503013029dfb

SHA1
4a2c68175c5f6b8e9c2b50d636d47ab8582f52d4

SHA256
0e591b386338396e295c644a76efa73038503ad37ab3198c24118c29f7e62b7d

SHA512
9220d4c84c1b5cd3172b83b64bee821397de9541ad9f1cf27635d17fc10be8e7d95fe398d3580d53354f62708e5559335aecbe60e5675513da2270d2f8d622e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d6b74aa57bb1aaee4898c5736466f313

SHA1
d86eebe8ae4baa0ef3612c411c4841e8dbb87ce0

SHA256
de10db7f73e18c84f728a36847c8c6d55a2fe06d644ea9b718e5238a19da1d4b

SHA512
9a9ef6c5522ea76154899460437a988703b1aefc6b83b0be6fa98ba1b4be190b3540600f27c51c7d5eae68746f35e8a9644a93c575c39875b7d0d21f172a37b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
d5f4a178986cb34b2e22e939449f1194

SHA1
79b7eb07a6b3cc76d3ae390c0c7f25f6340f4eca

SHA256
f91f34b0a9ded3c10c0c517c5aa7f38b8d624023428c9ba8bf4ace5909c115ec

SHA512
4a08d97c41bca10d6753da288116d350c7a3df55c605b9740eb98ae3463706d699752269b9dad052c7ba4fd177bd2eb20d55530327c50f9d1fe4e7bf1407924d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9dd0e0e88a81cd4201501ef01a499ead

SHA1
91b0b5fe3bc2065a6a07d9924af0e6d48538f68c

SHA256
74e4ed36f93dc06197abc069d7ab3d2aeff56dec615ff48ede9c39198a473691

SHA512
628c9592a7432f612a8989a5ff328f2b1a7d9d091878126bd83199672c7945dcde31322af291d851d7068c3aed65f4d1efb9486963eafc7989a7993d7de63a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0614d798f8d24beafad74e6789766b07

SHA1
391d12875cb626cff6f94a3a463434d6f63e0377

SHA256
f30dc6cbbb6d523c4ca935b0959f1d91be08ffa99ad5c4ed802c806e0ccb4bd9

SHA512
d68440ce648427561ce32d981b0c75cbca7c382351f3b7c7cd9fe70b46b112f7903559249f7c94dca83e113ab13087c1956f0b0b4e1acba97b15fa610669818b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
915fc895031f1f58b98250518e0fcf64

SHA1
23f7cf17f277db30943894321f6576375270a92a

SHA256
bca980079566d03c810b3d93b0cc1ff75051e2993562248c75fe4209cfbb5381

SHA512
48b20003c6f24239c179b98e41b42aa3dedcbc17a1bd9c18416ab93e34674819794c01a6dbd13dde5b31ede54064f352f69459c7a6330647c14ed3fb61f6636d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
af75682ad5520d08fdc58c045b5b3523

SHA1
f94a2bf91e973b954aaf58c95bb8455287356af6

SHA256
c7cfdd6f2861947b966e22567923d9e99f03fb5ab4f47fd0afaa168b30e6257f

SHA512
79034f25655eb276408be09e51affc3a95bc99b8aae05266c7f3fb17dc5522574cee67e1911d2f4dd5617532e3cd1b5db0ab0a240989426d87f1ecb0f4cc50df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
c7fd13f792af7e9d9bd4a5fd9e03633a

SHA1
8d133e82beebf0897ac7398b2d4dc9e4adcdc64a

SHA256
d016771ad7597662d25d1e57a660b331abe29fe67db680857646f67bd1793ae6

SHA512
72ed5628f975a2576fa4be31f405afcb80db1cc0e82a79e697091821abfe1688a5cd3961f1c845e6865f49a6cbd2c678a1e79d9b450dae7a8d51ba9c30b2a265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dd71cac6-b39c-450c-a39c-3349eb5eed63.tmp

Filesize
4KB

MD5
60c25edba78cf5b3afc26ac66792dcb2

SHA1
8a1f46ca1ca78b5513b0045cd0e21cb5b0ad654f

SHA256
7f98e75c54d179c0c5f9fbc48d5d66f369cef6cf9f172bdee6dab16ce5a8ef3a

SHA512
dd8afd91425f3fc21d272fcfbf7437bd882ccc7400c7484a335450996f9077f2bc6caf9c4577216859afd2eb083738c848559a1e16b932b0717a5ae7ed88b2ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
76KB

MD5
e339ce24ebabf2ac249b7c7b2f0085e0

SHA1
9a75459656921d735195d30c4dc70392b47ae80d

SHA256
ed1f3e7bc9a2ae3b6a2eb8514abd661f64a773a2ed03bff60250e603a573b584

SHA512
759eb1f6821fe8c5430508db503b7ab6b908e86e5e6adc235f9656d94211a69667b0e4536b381a351d59540a01bc099255293811a3df35fdcfb66dbe1ccebd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
43KB

MD5
c362611eb384536a926ee8030cb84b55

SHA1
26d35f0a3b6bc85bbd21a5de36bf9df96fb77820

SHA256
70bde94f051938c7637fa552d70e3708700ed68cb5598f5344941cdf7bd54505

SHA512
2f48c5cc5dc9ecdc99ee18b950f6dcbec3c9d3f87454edb06cc35501770a13902b04187b49babc2fcf397532a850e4287641cd13dc8374557b301c6d1245e77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
2f60291f37863b6250c842d57f963a9b

SHA1
be8d6c74a32090f2a42a165bd0243796e52cf272

SHA256
64f5c8e024e57c238c8df1ff73184f785089de20b19a4c7a8d4741bc72377e29

SHA512
dc8aa0d252a14a55adf9419e8ecc4f43903217b9888f4556a02355cec27f0c0896b4b641b56f47c963bfe489d3f76ffe5b123229255a727f0d74259f029e1b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
652B

MD5
b7d689cc7c34492d911caaf4d09ec474

SHA1
d7a63c75c8b92a13e4e4176e9e48b5ca59d7b12c

SHA256
fdadd4ee900151e9336bf8bf8a9da31ec1edbe79a0d93afd3da55e0dc5706ca6

SHA512
aae1a096c8e05dff1824a8deb2d9529f22496c4730706bfe97c9734271976ca55ce0e70cd2be09da958264460c07f9e46eaf5d50e36a95b0ab57b14b1eb828fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
c70e19b5c9e0a6f8dd4b091a8c0e78b6

SHA1
da93c0b509bf3e6518b39e1b160e15c82bb3dbac

SHA256
4feb3775e1222112a042e7852923d37ad00d16caba4d89d4b95b12aa734c6adb

SHA512
46dadc0403d1d92974f3a9f9b5e80ef7df38436caed0f0cc846f5135141421e432d1258608530bc873b0760e79a9ac8ce2129cc008fcf42a7339b92df51c7f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4f1151729c52713b746cf5f23d3450b2

SHA1
6aaa20609d7492e420cbcee6e67812a18c5aac41

SHA256
755402b09227f8e3c0848ab947ea6508a2e301c588a1777af4d33e6b0018bead

SHA512
5680bb4b605ac5d464b5ce3fa29da0b040556d9e8e3a62f6a6b1e929ba2c905f301bcb96dd877b459dd49d6d6bcc9257910182819015e87c9f69e8f2c393beed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a8c1fd3c8b3d94f5317202cb86e23f28

SHA1
82b8341a32bd27e9a4a042acf64a555edef38475

SHA256
c0e84f549ad1b8366eb8311e2feb98ccb1ab2b09b51556aaf3a282f904e61a39

SHA512
1fd07a7df23600a6fc2a499f3fa2eb055b03f29de104bd7dd1f4bc7ad7615435620332fb85974791d2e4a7503f218769dcf05c7ccfadfc881a7654650cd5533d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
af5906737773afca042356fcd1b0778b

SHA1
4da992a7b3086169ffde9d7371c4822451b82048

SHA256
9fc2e4816d5ceff16a96579be26059067af51bf2d71d0f57c95a4f8e48b54bf3

SHA512
369c0b4cd6a8dce17f0bdd4f54b3fd0e9093b46aa73544dbf66aa27d4018305b7a979366b998e96bc3c0d8c92d70bbac01048576b176dd7fea13626b8c80a7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7873382982e84e58206ddbe505d60073

SHA1
cf755748786defb576f22e31786501351a8d859d

SHA256
b0173cd17fd9d613f8a39dc44afb515c213694f249245241b5c525380039d3b8

SHA512
08011a4725e3bc4ed0cbd264a7ad8672bd8eb5bc86f881f375b0b2d9fca31e166fd57b6d9fb3e0fed31da7088413abe6069a1af5560d90dc0b6973fc37b02867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d4a7fccc88a4f83edb2cc90322391123

SHA1
86811b2b397c97ccad95ad19d7a2353c52e3a430

SHA256
db44d522d8375346e08ab5b8b8e134aed620d4e707e4342be7d09383ce161364

SHA512
0930cc2ffd7e393707d4511d4ec7b60df585d5412d7941e0473c6f263b55b753a015c4bd51231e6e7aaf04d00d02bc7d584583f131eae3d771c87f342e30143d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a66b14e0233ee65c69b6a2bd6e66a76b

SHA1
7a616dbb35bcbeb342439ca0cbc92b801920c5fd

SHA256
9d0c761eae7a5369cf53b3f14563669be599d18492b19e36a792fc09c345e043

SHA512
731388adcbb6d2f2a86e7dbec7262397eb9d7da387b1ba52f86060eeee675e4fb8d7f6aa139bf7691cacd1106197125104d0860f9f9926434a75de49c3183c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7ddc400e424aa15dd8adaa6f637884e5

SHA1
232b87cdee5253b8044883873635a56355074f3f

SHA256
c151d38ad9056c69c296812e1c56c7d50b2ed6c7335c68ff360a66248a5494c1

SHA512
f6a7f9b1b4b358c3a7e2ad427d85a17fc9bf7b4734b310448ff57392fd3a7c9a5472bb4b66d437559c26d763b3bcc1afbeea1b96ce94857e94a3a55dc8ea8144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c1b8a10954fc69403d29efb0487be0f4

SHA1
d6492483006abcaf2c76b44f93b7b2d08c45f206

SHA256
81af3efa450b6353b40cc918b7d6f37f5b2c9eed8f5f3f5456e08f27e8351a2f

SHA512
373b34a94531aac76e102c2d134ae1c73c7a7a2ffbefe6c02ae17d0d77cfcd56d40570cd80674e0f2458ed068e1fab5b17852fb50e4c0c587d4f61cf750f84da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a140b5c3ceaae04f4ea27287103f44e4

SHA1
4ee6a0775d86e6de281aa3f9354c7fa640b1a93e

SHA256
e848aafafe8afff71a863e33bda637b56c7d808da59c9b09f8dc745ee9df7c2c

SHA512
80f7061565751a0d8b558f3a6134c5c3a7bfc3cd01de300459c76a4e4bf46d2cc5b31def407754801d1b42ca3c61f0b48da5c5b65d5099cca176439dea216e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c1fa68a6-7a7e-4e5a-9aba-91a2d82fa62d.tmp

Filesize
12KB

MD5
f531fd039b3f49fe6c307b90b0af583a

SHA1
cd4dcc74140bd8c034afa59792c034526fa190ea

SHA256
f8b1f90e8da48aa65d4845ac164fca7262344c2447268d09d0a548cd6bf0ec6c

SHA512
0621a004927dc88edf10f9f67e6f8d8814d5b2ff5ea50251d03e62f944c8bd4a09952da8fbb47180d1888d26b572e6ce084a9fe017698ad6cd4dcce16a3e8930

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC13A.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC13A.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC13A.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
35fd4fbffbb4bf38bc8a192131702feb

SHA1
c06e98d96db238c12377cab487905fd127f29339

SHA256
61206b90ba891b6e7ab2e1155835361e307201eb2000e04b604074c925329def

SHA512
a156eafdb8ea8d64c852cd6b4a8cc00fe3f6185b2c9df7df03987d46dd8b3e5a72dfd8ef1056e29faf05756ee5a7df6fae9e1dbae6992a4646144e49eeb91b43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3b425fc36fc764123195af5ad4210467

SHA1
f3fe8acc587a799e7feb93ee1f78393d49277429

SHA256
e885a589ef423a06405c45c87d95fb3446e0b976094ad50e2c40a13892b8e742

SHA512
68ed483cb44dadfebee9c84349aace01dc548f9031d8ab0e9dd2e12c47a5d1e1717e9f0a15a5cba318bc2e55b9bfae9c9cf721d23a6d4bf824ee9c337c541634

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c370ceba242cebd0ed534b6ba43be2e5

SHA1
e36f8e5a0331e8fd149af36e43c02e0fc7255d17

SHA256
80442ce927e83b0b4323de1d0d56cdc3e3257c4c2b8d7bb44245a6d1a3899852

SHA512
b78ebdb6918d8a68f2e385a9372ed901d431aca752f10e5eae2a5f2f968e120aed34398a207bfa3984e4e567dba682076159d46a6f6f4212c8155a378cc3c5b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
82a205978a152f4943a5861e3a1b5371

SHA1
d52f4594b5236897770ba8101f416fd1bf1abd33

SHA256
b8128b3dd2acf85cb8fd077c1cd984c453d5fbe003b330698762c311f545786b

SHA512
b0308c6a36f34e18c99615ef570f576c600eb845fdfe8ebf2ea75d1b1c1d7f96395c51b935f16611a3a422ced100edfcc633f2517fddae9e463b3f1816db148a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
2539fa72fadcd10c3d441ce202472c84

SHA1
cf574eed9bf86e32806f140cf3c9589e9a64c536

SHA256
65ee6caf0ba3fe319fe83e4b3a43d0fae3946b3534de4aff5a99089b5a272b05

SHA512
986aa7a781b9397ba0355f133ee9539d5772cd2cffda100ca97ff78bb0bf604e3d912c80509a5acdd7c434382558ebc1f3600c4df5582921e774cf954dc55799

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
843964bb9c3ddc77bd365a43aa39ed65

SHA1
be808175f7e11a34968d89d6f0a738a64c5c107c

SHA256
cba1be288a88b46fb11edb369d1c6bfc485b38d711263beca97fbb7981825266

SHA512
8d3877dcd5e4b2da12e6ea6be43c7970e6c82966917e8c79c9412f764af4c25f00aa64c2fc3e7f35800f60d70161344b83d30783cb924393dd044173b799a5cb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
344052f3a161c0097ea661e5adaa1090

SHA1
401902044c294fb0e79914c764ae0c3469510628

SHA256
80c63dd8e8318836124119ad93f8ef8e33709c0456c3bfe9c64ac0bdeb56367c

SHA512
2de34bc523d591e7523375ec1b3fa60f0fa0284a1e84b2936607f765fb5d83d0ff6d131092d08dd47e599c85a32271459d86cc39d2bf66f33a9c04cb1120b81b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
f14b4d9b9d6d9103fe603c14ecca1b41

SHA1
b59dbfcc8a48caa81fe9d73919b71324d010c273

SHA256
8875a8abf47ae9bfa0e9ca418255f98befe8d3237573af50d3b64bafcdad963e

SHA512
8df6674f743eaea163101b3525998dda97ca230a012dd213b3bf69603e397e045920664337dfd739e37307c9cd779c9737062ff9a6ef69c318695e04f56bf357

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
8a2540c5392768bf3d27d94bce7daa7a

SHA1
dcee3fd771cc3091a9f81285d6dff499718576cb

SHA256
90dd606f61968d0fbbbceace835e006cbee5e0763d92891695858e9f55c23734

SHA512
3ca592596652598b84bf7697e0da784ad3893f8e10bfbbb7a0123c6e978a6b67342c13f60d91e0ef9eed433e452744d989f6bf6eee9756ab4e12bd1247785fa4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
cdaff1df0de9acfa6aa29c84ac9bc820

SHA1
345170afb2cc1146ed3aa35375213791cd3e7241

SHA256
e9b9298689d34b47ec47ba5ef4154443df062ad1d3990aca4ac2b2f3dcc065b7

SHA512
b49e8ed835271ec94cf62821e7c35c11a256c3df4291edeb49dac3dce4a8dd6e107d1f362c7919a5c42034c7c827497731b7b151223debfcf0514dedffbe47da

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
1593c887d620300deb59d0ae394a9bae

SHA1
7ca50c3ce45f211c13c478d89be8595aae7af651

SHA256
9542813062782c6e0e265e8291510d90520b539b899fa95adb9f27a8a50283f5

SHA512
7f45224ffd3c258509520b5f08e3c407f47cb66fae95e2e19e3ddc7773b30972d9e9740aae42b69422c3081da0bea3de8d530d6589d46ec19e38d56c90809a8e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
7ab9c784be1dfc054a0ca1616669c2c1

SHA1
96ac6fc618cf059e01bbfd93369a710c068e940a

SHA256
b1fd855fc691687d7c2355d97b83ce0d6efb74eb513e63fc4f5c178e5a54f31a

SHA512
1dc0d5b36eb4ed15aaef8428c126555b23d306048a7fab2278887952415c917a50287ffa857d9bb9561b6f4cc2dfab273aa5baa4d35601b9abc4f63dc2f61204

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
5a4418319f4300bf7e5f7d084b905dd4

SHA1
24a27c7ecfbfb315fc0b035dab34c2c7fefb7df0

SHA256
f13aea59df5c884bdfd62487324af8e45bb2f18798fd4630a335b7a1e04f1bcb

SHA512
ba9431886b1386bfdf90719179fc7fa57c950759b5b58e729dce23a6e54b84f756926f3ea3c26c720010c5939658b7d6b990c6bf4243a508e89db4ea9e63b47f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
c636a0c01a107d1b54b136a2c417d23b

SHA1
78c839936ace20f720e6847cf3111bc830c4044f

SHA256
cfb33da74048555c98001457ecf5199bcaf0abb3eedb57c340f8eb720861dd48

SHA512
ca616621babdd4f2da075eb594c5d1b8dd7f7278b1ee79f93f8c6d7aecbd081992b0952540912de50be64ebdd6cee7c299f90df92900063fb99812300d52d2c8

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
fcea32b84b65bf43b9173c4020cdbf49

SHA1
22c8a8d83182861b7e01e05a204c07897f847af7

SHA256
929c8045191e812b57a20310647314ee5028c620ce981d94f07e55f5851baa47

SHA512
d50b8306916bb7b18f7791ac125a8004c9459fcbc87e31c04e4a5b9faeb1a2be71caa84764e22234d57ed4dab224516884ea5bac7457973a2ce09b8610d66a01

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
72KB

MD5
0f83f065e33eb7c5bc87a837d6e851f7

SHA1
196198e2dce4b961eb16fb0dbdb8868239389e54

SHA256
5b33ee5b99179f87749481acd6bacb07965e58fdc46000237acb5ba1272c9bb2

SHA512
fde9f2721e5f08dda7bdf1d13ee3d85216c659f414e1204b7377d8b1a2d7d3b6e875faf4b0dcfb14125b4cc57a24fd206ea301d34cc65e5e8b31631c9fb69de2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
152KB

MD5
4679939aa14712692f37e22f2c3c52a2

SHA1
f52815fbeeb6c2087ec5ee695665dc51e6f1a462

SHA256
01c0b5a75902e82bdc9a6420b2ca20a86382eb2cf730f43ea44b88b62e5f479f

SHA512
5558fd7165368d9e726f573090a17d490f1bb9dda608590574a95bcff46a31a18d1e8fb024405d8642b636f43432d584ca519dfe8c8bd80b454f31a60740c247

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.6MB

MD5
cb1b911461c36b897f604ee11607098d

SHA1
e67809b29eeb29b8f75f1db1ba2c12e714f3c747

SHA256
291dc44aed1339a03f8bd8156657f6ebf2dfa6f1bca26f583d0a7b0d5d68c0cc

SHA512
b9134384047c08f86c2b6f20385025c76e6f21dc2a0f1c20144e6e9776efe8d3b5b55c6fc7f9bf28fe2b0a55f42392065514f7c473b0179debdd321a599bd927

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
4.1MB

MD5
362ac744e4277aca47518e0e23257801

SHA1
fd03275a6129af30b3c6ebe5a5d25ea76889c55b

SHA256
089b27c617f86f1f0e1a81965e3dd055f94e667f6dfd7120797f9ac4de8192d5

SHA512
c5900c173c9ed8311fab9ac3430f5884584d838c3e16654cc6e93da3a0ac06e5c9fb3b4d729c0a84afc661cb4212a4d02b6cf58f8d3d052b853dda80d5c0f4ca

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
65aa9b0f57d72e4d70e9226322221adc

SHA1
85fec174d0977afd8c0100c9d9b53c958e1949bf

SHA256
51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410

SHA512
f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
829B

MD5
b7da4c8646a1b47d6c0343263f033ce1

SHA1
82e858badc53e6a8a771a1706f12c8591d81d9fa

SHA256
a720df336fe44ea104b8167780bcca0896aabc42fab39e0a79d303b3f180df8c

SHA512
24f63430a8a930882111b4019564b584d3624565cc927cc411227313c174551245d8900985801796e8bd92216abab0ecea87d99e85dd54ae8500b84be7f4e7dd

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe

Filesize
99.7MB

MD5
756994cbc174b3e69dcb4377e8a7b3c2

SHA1
2fb14aceba0c8df3478aaf8c039d76c6abe3ac36

SHA256
8738a94ae5290d577f3aa700e918239a4bcdbe91d41d201434dc93620617997b

SHA512
a870822e4268b04f1fa8b937e1b1be29286df4492173e2fe5f21d4bff1aa69ba8f8e50670a40b5a372ff2bf23a1881ae9417fc36c20c03bcb9166afd64c22a17

Download Submit
memory/968-4700-0x000000001B820000-0x000000001B830000-memory.dmp

Filesize
64KB

Download
memory/968-4699-0x000000001B820000-0x000000001B830000-memory.dmp

Filesize
64KB

Download
memory/968-4696-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/968-4698-0x00000000014F0000-0x00000000014F1000-memory.dmp

Filesize
4KB

Download
memory/968-4697-0x00000000014F0000-0x0000000001500000-memory.dmp

Filesize
64KB

Download
memory/968-4703-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/1016-4706-0x000000001B240000-0x000000001B250000-memory.dmp

Filesize
64KB

Download
memory/1016-4704-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/1016-4705-0x0000000000F20000-0x0000000000F21000-memory.dmp

Filesize
4KB

Download
memory/1016-4719-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/1468-1457-0x000001AF02D00000-0x000001AF03055000-memory.dmp

Filesize
3.3MB

Download
memory/1468-1458-0x000001AF026D0000-0x000001AF0279D000-memory.dmp

Filesize
820KB

Download
memory/2224-5753-0x00000000010E0000-0x00000000010E1000-memory.dmp

Filesize
4KB

Download
memory/2224-5750-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/2224-5751-0x00000000010E0000-0x00000000010E1000-memory.dmp

Filesize
4KB

Download
memory/2224-5752-0x00000000010E0000-0x00000000010E1000-memory.dmp

Filesize
4KB

Download
memory/2224-5754-0x000000001B490000-0x000000001B4A0000-memory.dmp

Filesize
64KB

Download
memory/2224-5755-0x000000001B490000-0x000000001B4A0000-memory.dmp

Filesize
64KB

Download
memory/2224-5765-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/2636-5758-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/2636-5759-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/2636-5766-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/2636-5760-0x000000001AEB0000-0x000000001AEC0000-memory.dmp

Filesize
64KB

Download
memory/2636-5761-0x000000001AEB0000-0x000000001AEC0000-memory.dmp

Filesize
64KB

Download
memory/3152-4623-0x0000000001410000-0x000000000144E000-memory.dmp

Filesize
248KB

Download
memory/3152-4618-0x0000000002E00000-0x0000000002E50000-memory.dmp

Filesize
320KB

Download
memory/3152-4617-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/3152-4616-0x0000000000AF0000-0x0000000000C04000-memory.dmp

Filesize
1.1MB

Download
memory/3152-4619-0x00000000013F0000-0x00000000013F1000-memory.dmp

Filesize
4KB

Download
memory/3152-4621-0x00000000013F0000-0x00000000013F1000-memory.dmp

Filesize
4KB

Download
memory/3152-4620-0x00000000013F0000-0x00000000013F1000-memory.dmp

Filesize
4KB

Download
memory/3152-4624-0x0000000002E60000-0x0000000002E70000-memory.dmp

Filesize
64KB

Download
memory/3152-4627-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/3152-4622-0x0000000002E60000-0x0000000002E70000-memory.dmp

Filesize
64KB

Download
memory/3596-1453-0x000001E94E000000-0x000001E94E355000-memory.dmp

Filesize
3.3MB

Download
memory/3596-1454-0x000001E94E360000-0x000001E94E42D000-memory.dmp

Filesize
820KB

Download
memory/3744-1456-0x0000018C5FE60000-0x0000018C5FF2D000-memory.dmp

Filesize
820KB

Download
memory/3744-1455-0x0000018C5FB00000-0x0000018C5FE55000-memory.dmp

Filesize
3.3MB

Download
memory/4176-1443-0x000001EEBFC00000-0x000001EEBFF55000-memory.dmp

Filesize
3.3MB

Download
memory/4176-1444-0x000001EEBFF60000-0x000001EEC002D000-memory.dmp

Filesize
820KB

Download
memory/4400-1446-0x00000201C4FC0000-0x00000201C508D000-memory.dmp

Filesize
820KB

Download
memory/4400-1445-0x00000201C4C00000-0x00000201C4F55000-memory.dmp

Filesize
3.3MB

Download
memory/4488-1197-0x00007FFF3AF50000-0x00007FFF3AF51000-memory.dmp

Filesize
4KB

Download
memory/4488-1373-0x0000025417D00000-0x0000025418055000-memory.dmp

Filesize
3.3MB

Download
memory/4488-1374-0x0000025417810000-0x00000254178DD000-memory.dmp

Filesize
820KB

Download
memory/4488-1198-0x00007FFF39AF0000-0x00007FFF39AF1000-memory.dmp

Filesize
4KB

Download
memory/5920-1090-0x00007FFF30DB0000-0x00007FFF30DBD000-memory.dmp

Filesize
52KB

Download
memory/5920-1088-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/5920-1125-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/5920-900-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/5920-808-0x00007FFF2D360000-0x00007FFF2D36F000-memory.dmp

Filesize
60KB

Download
memory/5920-807-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/6724-4721-0x000000001B5D0000-0x000000001B5E0000-memory.dmp

Filesize
64KB

Download
memory/6724-4720-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/6724-4726-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/6724-4722-0x000000001B5D0000-0x000000001B5E0000-memory.dmp

Filesize
64KB

Download
memory/6856-5772-0x000000001B5D0000-0x000000001B5E0000-memory.dmp

Filesize
64KB

Download
memory/6856-5771-0x000000001B5D0000-0x000000001B5E0000-memory.dmp

Filesize
64KB

Download
memory/6856-5770-0x0000000000F40000-0x0000000000F41000-memory.dmp

Filesize
4KB

Download
memory/6856-5769-0x0000000000F40000-0x0000000000F41000-memory.dmp

Filesize
4KB

Download
memory/6856-5768-0x0000000000F40000-0x0000000000F41000-memory.dmp

Filesize
4KB

Download
memory/6856-5767-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download
memory/6856-5898-0x00007FFF08DE0000-0x00007FFF098A1000-memory.dmp

Filesize
10.8MB

Download