hxxp://yanderesimulator[.]com

Resubmissions

15/07/2024, 17:18

240715-vvsbtatelg 1

15/07/2024, 16:54

240715-venzfszgjr 8

15/07/2024, 16:52

240715-vdw9fazfqk 3

15/07/2024, 16:46

240715-vaa7sssgka 4

Analysis

max time kernel
1794s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://yanderesimulator.com

Score

8^/10

evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.5.1.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 23 IoCs

pid	Process
3888	tor-browser-windows-x86_64-portable-13.5.1.exe
3732	firefox.exe
6072	firefox.exe
3588	tor-browser-windows-x86_64-portable-13.5.1.exe
4612	tor-browser-windows-x86_64-portable-13.5.1.exe
3704	firefox.exe
4824	firefox.exe
5828	tor.exe
5256	firefox.exe
5544	firefox.exe
2960	firefox.exe
3724	firefox.exe
3088	firefox.exe
1608	firefox.exe
8	lyrebird.exe
5280	lyrebird.exe
3204	lyrebird.exe
3996	lyrebird.exe
648	firefox.exe
5132	firefox.exe
5516	firefox.exe
1880	firefox.exe
3556	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
3888	tor-browser-windows-x86_64-portable-13.5.1.exe
3888	tor-browser-windows-x86_64-portable-13.5.1.exe
3888	tor-browser-windows-x86_64-portable-13.5.1.exe
3732	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
3588	tor-browser-windows-x86_64-portable-13.5.1.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
4612	tor-browser-windows-x86_64-portable-13.5.1.exe
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe
4824	firefox.exe
4824	firefox.exe
4824	firefox.exe
4824	firefox.exe
5256	firefox.exe
5256	firefox.exe
5256	firefox.exe
5256	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
5544	firefox.exe
4824	firefox.exe
4824	firefox.exe
5256	firefox.exe
5256	firefox.exe
2960	firefox.exe
2960	firefox.exe
2960	firefox.exe
2960	firefox.exe
5544	firefox.exe
5544	firefox.exe
2960	firefox.exe
2960	firefox.exe
3724	firefox.exe
3724	firefox.exe
3724	firefox.exe
3724	firefox.exe
3088	firefox.exe
3088	firefox.exe
3088	firefox.exe
3088	firefox.exe
1608	firefox.exe
1608	firefox.exe
1608	firefox.exe
1608	firefox.exe
3088	firefox.exe
3088	firefox.exe
3724	firefox.exe
3724	firefox.exe
1608	firefox.exe
1608	firefox.exe
648	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{71e68b35-49c1-4765-b2a5-5ea2e0e9bbec}\snapshot.etl	svchost.exe
File opened for modification	C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin	svchost.exe
File created	C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-701583114-2636601053-947405450-1000_StartupInfo3.xml	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe
File opened for modification	C:\Windows\system32\NDF\{7FD23F78-E0E2-4B6A-A4A0-A40D68F02F41}-temp-07152024-1703.etl	svchost.exe
File created	C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{71e68b35-49c1-4765-b2a5-5ea2e0e9bbec}\snapshot.etl	svchost.exe
File created	C:\Windows\system32\NDF\{7FD23F78-E0E2-4B6A-A4A0-A40D68F02F41}-temp-07152024-1703.etl	svchost.exe
File opened for modification	C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-701583114-2636601053-947405450-1000_UserData.bin	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
5012	ipconfig.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.5.1.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 723045.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
2552	msedge.exe
2552	msedge.exe
208	identity_helper.exe
208	identity_helper.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
5640	sdiagnhost.exe
5640	sdiagnhost.exe
6116	svchost.exe
6116	svchost.exe
4052	msedge.exe
4052	msedge.exe
8	lyrebird.exe
8	lyrebird.exe
5280	lyrebird.exe
5280	lyrebird.exe
3204	lyrebird.exe
3204	lyrebird.exe
3996	lyrebird.exe
3996	lyrebird.exe
5436	msedge.exe
5436	msedge.exe
5760	msedge.exe
5760	msedge.exe
6464	msedge.exe
6464	msedge.exe
6116	svchost.exe
6116	svchost.exe
6116	svchost.exe
6116	svchost.exe
6116	svchost.exe
6116	svchost.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	5640	sdiagnhost.exe
Token: SeDebugPrivilege	6072	firefox.exe
Token: SeDebugPrivilege	6072	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
3980	msdt.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
4264	OpenWith.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe
6072	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 980	2552	msedge.exe	83
PID 2552 wrote to memory of 980	2552	msedge.exe	83
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 1976	2552	msedge.exe	84
PID 2552 wrote to memory of 4992	2552	msedge.exe	85
PID 2552 wrote to memory of 4992	2552	msedge.exe	85
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86
PID 2552 wrote to memory of 884	2552	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://yanderesimulator.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff587c46f8,0x7fff587c4708,0x7fff587c4718
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2348 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1376 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3904
- C:\Windows\system32\msdt.exe
  -modal "262846" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF7B4C.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6956 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,830219399859508897,15550505793867384204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4052
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.1.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.1.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:3888
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3732
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:6072
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.0.1991308685\2014419525" -parentBuildID 20240708120000 -prefsHandle 2436 -prefMapHandle 2348 -prefsLen 19247 -prefMapSize 240456 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5fce9ac2-055d-4a59-abaf-b0af074e6dac} 6072 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3704
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.1.1897763343\1922617039" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 20081 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c1ff9d6b-7793-4d63-b21e-e51ff4bb9205} 6072 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4824
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:e145a099b7cd54c960c52ccc8dc8323cf6a7d85578259815f53faeb2cf +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 6072 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:5828
      - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        TorBrowser\Tor\PluggableTransports\lyrebird.exe
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3996
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.2.598292975\1449912189" -childID 2 -isForBrowser -prefsHandle 3000 -prefMapHandle 3356 -prefsLen 20897 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {48b44e6f-d0ff-4bb6-8482-b61bcef739c3} 6072 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5256
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.3.502153504\1062062386" -childID 3 -isForBrowser -prefsHandle 3424 -prefMapHandle 3432 -prefsLen 20974 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {538d39de-b636-4c89-991d-dc181a8be327} 6072 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5544
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.4.123312455\873136041" -parentBuildID 20240708120000 -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 22214 -prefMapSize 240456 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {062554cd-1c60-41d1-8d96-4000d241fabd} 6072 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2960
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.5.1854827166\2098105487" -childID 4 -isForBrowser -prefsHandle 4104 -prefMapHandle 3180 -prefsLen 22461 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {df3c99d9-856f-4a7d-a3c1-85ea1db20546} 6072 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3724
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.6.108477375\374507763" -childID 5 -isForBrowser -prefsHandle 4148 -prefMapHandle 4144 -prefsLen 22461 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {db7f2266-19f2-4f06-9d27-76ad19bf6002} 6072 tab
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3088
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.7.1676622774\411804729" -childID 6 -isForBrowser -prefsHandle 4396 -prefMapHandle 4148 -prefsLen 22461 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {277cfcd6-33d0-4100-89b1-c401c20f392a} 6072 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1608
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:8
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5280
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3204
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.8.187402156\1353694835" -childID 7 -isForBrowser -prefsHandle 1836 -prefMapHandle 4532 -prefsLen 23230 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8f0c81d9-9f77-4b59-baf8-b9cbaf2ec44c} 6072 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:648
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.9.253667024\421609006" -childID 8 -isForBrowser -prefsHandle 4152 -prefMapHandle 4164 -prefsLen 23353 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d440db7c-beb7-42a3-af53-93e43c3ce357} 6072 tab
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5132
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.10.231166568\1961795689" -childID 9 -isForBrowser -prefsHandle 4264 -prefMapHandle 4188 -prefsLen 23353 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {9f7d6ef9-1e77-49ac-8da6-7a18a0ffc714} 6072 tab
        5⤵
        Executes dropped EXE
        
        PID:5516
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.11.1443293211\828523281" -childID 10 -isForBrowser -prefsHandle 4856 -prefMapHandle 4872 -prefsLen 23353 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {776375d1-cd35-44cd-ab44-3b21cb25b1a4} 6072 tab
        5⤵
        Executes dropped EXE
        
        PID:1880
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6072.12.797185088\1479838633" -childID 11 -isForBrowser -prefsHandle 4560 -prefMapHandle 5080 -prefsLen 23353 -prefMapSize 240456 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240708120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4497b4ee-cd83-4aff-9ba0-470d485914ff} 6072 tab
        5⤵
        Executes dropped EXE
        
        PID:3556
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.1.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.1.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3588
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.1.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.1.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5640
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:5852
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:5028
- C:\Windows\system32\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /all
  2⤵
  - Gathers network information
  PID:5012
- C:\Windows\system32\ROUTE.EXE
  "C:\Windows\system32\ROUTE.EXE" print
  2⤵
  PID:2068
- C:\Windows\system32\makecab.exe
  "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
  2⤵
  PID:4532

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:6116

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
- Drops file in System32 directory
PID:1992
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
  2⤵
  PID:3964

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:1428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte326dbcdh068eh4f8bhbb2eh30bdd7c6387b
1⤵
PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff587c46f8,0x7fff587c4708,0x7fff587c4718
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12921077915997924124,11632257470014129175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12921077915997924124,11632257470014129175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:6324

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:6596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicePickerUserSvc
1⤵
PID:6588

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:6692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:5420

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:5384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5e774f76hf3f4h4cbbhb55fhbcec91194833
1⤵
PID:7108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff587c46f8,0x7fff587c4708,0x7fff587c4718
  2⤵
  PID:7156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1436,1326762120073394532,9041759173928855619,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1436,1326762120073394532,9041759173928855619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault43ee35aeh2de1h4567h85d7hab2fe5c3a530
1⤵
PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff587c46f8,0x7fff587c4708,0x7fff587c4718
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5989372483141395149,7051591983935328659,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5989372483141395149,7051591983935328659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5989372483141395149,7051591983935328659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024071517.000\NetworkDiagnostics.debugreport.xml

Filesize
138KB

MD5
81312ac14a7a09ee68676b702a0af976

SHA1
351feb777c5c7570747422a207a560fd0569d7e7

SHA256
27014b100362fd0900835e01591771546e7ae777fb75bc513bc0e95de66f8a31

SHA512
a89d8cdf62e79cde5babcdc4caa0cdb1362dcb48b7a45620eef11dc7f2e4a94cef8106d86936bd20f81dc3c2cd882c680de02380e1f12fbc6eaf9b1a448b1919

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024071517.000\ResultReport.xml

Filesize
37KB

MD5
513eb1ada2eb4674db26e4f1ea7942a9

SHA1
62647dd3bb5665a3a8982314dc02dbcc53bfdf71

SHA256
86c5f40048f951bdcf6bdee6b5a523de2d11c45037b5fb3a14d0b207366f94d5

SHA512
7707705f9b6c661ccaea50f341cf5c97741c8ca8b6a43d6a8842251f6efeed991d15d826a5716921f97f925043fb7c3b5c0847f51af80bc4e344f4e955cbe0e1

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024071517.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e3a89e2a42de982970178ccea85d51db

SHA1
7c763cc899fb3992998ee46920f80d8812bda0e5

SHA256
080c62830cbad3ba39df547db96a696477535f57bdf7f47ddd27532fa5a5106a

SHA512
c4202d309d453ff1b94673afe8e8ce87d434140e2311918de8cfa569fc9bcea20609cdb56b54e643e8d8c3b9be62eaa8483036634cafd7c09ee471a7f63c9ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4523be87c13ca355b2f53bdd8252948

SHA1
328e66f00b09476b1968309d1dba8eb8d7bd6645

SHA256
a2a085679a3999c1c391e0b4360e3295e551fee8bea4dfd6e4fdd9f40ebd23d0

SHA512
dca94c9a794e31962f9950b010e928e23bbafc49bccd4a29112608857ed840d2b98003f738e08a64ed83801cc5c15e1fee4a3d473840c2a5898a56aeea2069d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
de01a584e546502ef1f07ff3855a365f

SHA1
60007565a3e6c1161668779af9a93d84eac7bca8

SHA256
9ed00a33812a1705d33ccf2c3717120f536e3f4e07e405539e1b01c5a38a14ea

SHA512
1582b69b40e05bad47f789e1b021cdd5e3f75548a39a99e0db1b15138425e530e25ce6e56185b1dfa5f51758d2709e52d53f309da2e662ebc34c8d4974ab6469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
40KB

MD5
3ad8223a25e7f6bd337ce40cb84ef456

SHA1
5c94f4e230f5cc72ae812f203398713d57933a06

SHA256
b8f5f6a0e5942c6b1e44048983e89912730266ef3d5d38029baa9d24f2c6b9b8

SHA512
6f39d6965258ee64891d3257c3478dca4002a3dca2c04f3e63949b00089c17bed708a6eedabd50f35017c80eca43d0c04da568b0578fc97dfe62e73439bac899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
40KB

MD5
bbc2e9192365d85203febcd55a0fc816

SHA1
83b86cab8ef91c20f85e3f1f6980137cdc1c3276

SHA256
2b33438a79c55524d842f52a1c46ce816a425791db0c08e2ce71b8eb0cecdbef

SHA512
0157075e562bfbe6bc972e1a324e654be12d3271b971bb22d123d55f1929b1e154ccaaf53e902cba791371025178120aabc05359a0a24b665c9a46e091da49a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
41KB

MD5
a291f402b80dd9e2d2e06d146052d99f

SHA1
63ed155630b0ddd26985cdb3b46168666b43c07e

SHA256
66b1870dbb7e5a0e20bc25b422c93257e9360e6bf11ad9d8eff4a1821a819db9

SHA512
aa5327d86e241c3d58e60fed83a47202f27e11f3304cd57fb6ddf73718326c53543ca654174c76fb9f172e2fb75e58ae11d7e048f9c04ae3c151a7c54c8faaa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
36KB

MD5
9433986c4cdb8d79d21f1371d4bdf080

SHA1
c86572f4f1fdf3eb1481acd1c76f66230f5bd988

SHA256
dc7129494201a6d01200bc05813208517057b8977dbad5f9adb855d6a0061b2e

SHA512
a5107e3965327b726e096b95dde73c9cfbc03fb6aff65a203817dac6ed2cd57dafdc5313e4e2db3c3e8b8c0484c6a27746a7a50ea359b013e4e4aadb7472ea58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
43KB

MD5
08090d9590cbdeb395e15432d4284690

SHA1
8b37ab4c19bb9d88a8f6b513f0c0d60711eb6092

SHA256
cff002861a9584b7ff0fb2d57f103ea0b86a40a1811ee87ab70ea19c2b072119

SHA512
df82f99d83cd5d96170a9edcf54f7e0b7ce59cf21ff2f02e60a1998762fbd4c9c2020f2e82d7a073415c55b17c4390779943032efd31e0b9622175506b001093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
30KB

MD5
fa95bdcafdc252a2852efc9e1bcbb585

SHA1
2871edbed977a692d1a665ffbb3afe19bfeb7dea

SHA256
c5752b16524ed8ebcab517d7ad313a21190a513a7be78f4ece57882d7c92f852

SHA512
d07afca7b938eec055e3a3d73d277549b68641fa23a274dae024a5fe9b25b45b1eb84c58e878c3f45dd52249f990f29e74027c58fac4bfbf4c815fcc3c32bbfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
79KB

MD5
086593551ad7d767d748782131a3db3d

SHA1
99f4767b03d004e049a6e6fd8ed46ccb6c5af650

SHA256
13de442fd29fe31f21ba68482d10470ee985e2334d5b4eec1fa661a0ea4b8ec2

SHA512
c73350bda30af4150f6e082c54238ca1f48f1c142626a3995e5da5c259ac4a36348cb34612ee8df44e36408e7eb40fc46887520627a06364ae1007d13528e0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
84KB

MD5
a4c88e799d0162be44b8fc739685deca

SHA1
36ffc889611b369cea9cadf7de0d9b590a0a2210

SHA256
54a8bd46433c8bd464a8bf5db037f1c13546af31ed9c778dbbf73e291d8a84c1

SHA512
a3b2b33990acc5efac35d05b78daeb6a43cf997c0d3273443ccd4f52ab0279579fad21ae77c66dfd7d83be25075195598b0fcde3d6ebca7e8e0eda68515736e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
21KB

MD5
acbbec59b2a4fe01ad2a7e1caf60d5e9

SHA1
d2940c1b0832c3e702ec2bed0aa5c98df86220ca

SHA256
f10059b17afc51ad16f0de13c9cb8dad636f9080038bab729d1c482bec9f637f

SHA512
52fe310a3f0b6fc3d80ed691b9af37cc74789d69fb07ddf5965845d00b352b25e1c91ccb1d943debcf9c94e446ebb07713962fea854684cc49ecbaea3e8de485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
41KB

MD5
5036e1122480abc5d5731c96722f3527

SHA1
7e69d26d8b43933d8d3291909f5a78a080299161

SHA256
13f7c3561ece8f14eb346dc691183be5a77fb26f85b863c114e6d112d732d2ca

SHA512
9db09b4a71cda4c8aca2d8ac0637607f0cf02d4520c0ec3c701beca15caeaa9d3e702eab6af57d1430ae9329b58f167e51f5e317838555a43343dfdf7e5e0196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4c7ab46d701805dad9a261a59ee5df65

SHA1
6d0845ccc218b49023ea9772a66cc21545cd974d

SHA256
14267cc83111d7f5c742ee64e5cf11498da25d6afb182b3de96ecdc46f13c122

SHA512
10ce0a8b4534e06f348a92fb724ef692d8c5f51a6ead4163c267f421d534d1210a41fb7d86c865a6ee4a4252a7c4dadd655a0b740009d7be20cc14f109429404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7a9e7c203c18f5401c204ceae78b2a17

SHA1
176ced46bf5e86954d8d0a2fc643e754c3796591

SHA256
f8e7376f277796acb79b6a21bfdf568d63d0851f69a828b041acf0f6279de2b1

SHA512
8df1b20a7c5f7cfcf544802eb9316bf3782ef5e4a73705d81ce9c60ea7df8018ba9c407bce0027314f0bb01452fc6d0155f84047fa0099dadb5049a1f409b817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
37bc25a48865bac5f6911dbace4610fb

SHA1
4c286f7778ea23d898b12b1b03ceef06f3471902

SHA256
f14ec64ea85929bebb5fefe922d6905571d954b41747058ce10fb56ea7f50ec7

SHA512
da4642f4d67505d2833c657c1e7d812adf193f6eafefbb55a7f09719d7c07bbd51b65c6d9fa2eb00705dead687604e731d52532efe8aee8c34620cd3eceb5c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cf4b14dc4c623f73b9735748c0c7e1f0

SHA1
34876934ccfc7641681c5f6986ffe11350439abe

SHA256
be05a1b8cb92a75145edbdbee17714184b2e05dbc0c5469a5e0670f84346383c

SHA512
a321a20e9b03f0388b96f082144aa949a1419696bf52ed348bc50a6c2fb0acb037e70f6bc67b7ab0350b8840b73842bd998b1cf1bb2730104098a09f2b8f4f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
775B

MD5
415f79a85be85202cc54d73c24fa9c32

SHA1
3fa5c92f59084caf707414233f97ac768df96c2d

SHA256
3b80c2df2f5b60660d5d31905363d03d5cfbba81c03e454fb52c4de805c40275

SHA512
f5d2b9a1f78bb59200b59d473ec7659c2b6901b94197c8e72fc2233617ee023b5f85f505d2105ade7873c69226635f9edd9fad1ed97dba36a8ac01c40223edf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8b6cf6689768ea346039fd80d55796b4

SHA1
6467de5f6ca73afca47b52aad01a63cd1bdbc6d7

SHA256
63bacc229b0f8f54b56c217f359cf8410929fd4bb59113ec4b8085586eeb7643

SHA512
ae0126576b048b76003ad9329d2671031781b2b9e91c73178449ee912511842557ab075521b2251074c82fdbef0fbc1af30476a6efdc884b8230c8c82667fbef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
116B

MD5
a4241c693fbb0890faa305764d6cf50d

SHA1
e856d3421567a3cfd8d790825d6952ba524fe463

SHA256
197eaf026300dfbba19cdaa31982c92741d973f655d875b6362246d6f89d07df

SHA512
7e9cdeb74e86bbb4afcf620a148f82a03f38d3a0d370ea37143e7cffce45109b5bb7638aaa77c97505d046a8ac4ec6f9e4dd630c54ffb44b57296d066d308bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cf8cda5be14b9839d0f6c654095c07af

SHA1
bfa711b9905990651abc12fe61c6ecc4ef202e99

SHA256
c6063c86acd4952eb84eeffbd4ed8cb8dbde6014a0854bf5eb53c5f22bf82806

SHA512
2661fc381e20227308820892a02f7de6808a6a9695e128d89d6c58e0017d02ccb311fb2032304186ecebf16c437fc8e4329bded61654cddd87052b037f01c5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
add2093a7696c358f5fd300706edad09

SHA1
ce69541a97508ed535412573247899f86e2d491c

SHA256
016412f9301a4a9fd1d15e364db949f3b21183cae1bc246d3c26a28a745f86ff

SHA512
51f0b51063daf8e7eaa94c995dd1de6a786dab2ccdf4f96968c5a39bbbb08582f85b0bdb1083ec547b447d7a3500c781852696dfe43a7a3f114f96681e948d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1231db682110a4f25b0b8219e3f5e8cc

SHA1
221410287f6302646e45382f94b6ff5ab7a0bd9c

SHA256
78b23c105a158768c3e2355e310d35fafce3cdb9bf707298a8d3a64c4beff7bc

SHA512
0b7fb632d6525a29e3b9e17fff7e207b49d0164b6f17e282f007cfbe9269991e6fa0d3f2bbd2407ab54b0cda0a763012770ee4ae7ce3d00828ca672923f633ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8641c29b365c3f68990919481a3a9014

SHA1
f9f5124356026032a25e6847d35fdb5d9c12485b

SHA256
607fee2fdf7485491f022290d63aea92161824082739d957e3d6f184ce7fa318

SHA512
882f089f98abf82e5d475b82ecd0326bbf2cccf67beba3c5cd9295c3569125f70107adbc6f56b2326ecf07a4349ab106fd8efba10ab059d1462049d50ec2e17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
415b194e9a91c24527693f77f06b1180

SHA1
3566d6ab0f2c3fe7b743c9adec74cbd4d7ec345b

SHA256
92ad398eac010bfca1e28c17396a942d4953fbe33b159716510a0eeca749a9b2

SHA512
fc4c8ed4dc66de92c01a55a1c57354996bc2a947b6635e828a6574ecedb751d5d7779c47776d9e4b5e0a4b14e49e53653c84505a8e76ab613475d84423b4f9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c5fd6e1cb8c036a8e1032d6222ccd58

SHA1
e13b4dbacbcec87522667e91e8c8bbb33523ef83

SHA256
7ec2a0a722f203dd30f5442494feac3fdbaa8bb1978ac59bfd55e9f0865c968f

SHA512
028bcee58a440ce3abe6bcb7d6f364177248edafda49b41760c9e7440a8a6b5183efd0cfaf37b438ac4136f2809fbf1eb5819e272557b12722077ee3c44f81a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ebcca9f2c6dfca9b0c89a8a7a694a6a6

SHA1
a57d85115ab820e5db91732d9f74070c1e36242e

SHA256
975159c6d708f4740484e4a0daab76ffbdc0e796ee3665f2e6bb08ae818fbe74

SHA512
f2d059e95e8c197ec85e84ee040146b42bd826486ccc3aa4ea74197b2b528df3f1dbc010790bcc42327695abba091515915ab6d80571934d97713c39b1f52221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a9b9c443eabc562822c2d05e1453e5f

SHA1
267b65a88bbf71a0136858497860afb380233bd9

SHA256
96518356d86ace9fe769735d124cf8450d77c5e1df8873a2e9afee1974bbb231

SHA512
ec2a25dbb9fd7d3aaf574ff113d725e1b351b8613919ba347ffc4d8d913339dd3fbfa444701dea7438ca9642452e892a3de584f9de65995b47e6330f955ddc04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c9ca8b9106f0ec905af2b5a6a6d4146e

SHA1
6762e4b2a56be6d93695a46b40ad97a45bbcc722

SHA256
301d8da8fa4538da2432cf45b9820df8737ad288fafe14c3e08916fb52534759

SHA512
b9870cbf527fb4a3c7063f0575e61999bb155f154c9c633aa993486e8d9bdee2b014e2990e1e643caf3a6f3e37f580ba7c3b36ce8f9074ac42206cdc19935338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
29162c7247b28b3f83f7d9a1cbb7e784

SHA1
e6f816961972329a9583d4f97d792c79f799eab1

SHA256
aef8ace150c39e6fb533d3c0ec8ab68f1a4557fe74b4015dffe570f84456d3ab

SHA512
6b095bcb16f2af3a243bd7b6818964a40cb2612da00a5224104095493c2966ccdc14baa058690950c2dc00d860c2f6a2f3f4d9c538f832d2e765480b9bba6dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
42856f548c6586f906b7897cdd3ac99d

SHA1
4723befd8d71758a486b3959f9bf98891a34136e

SHA256
79a68f8696a79fa047345b9fab18071743b84a3e854eb8a0d6644ae7a9f4fa35

SHA512
d6b671e0c0a27a76f692165a273c06dd6185b558352f9566f69981a6f4b7a32758292c666adff34962a2ecd75b06dafc096e182173654d530d710c75fbb2f0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0eed83e314f8d8ed013c2e0f18d658a1

SHA1
bc159e86569fb3d6d1b782da58a56aa94f319d92

SHA256
2902e7b9267689b151b06a5453b2b742ff58ede10986323c55ac29a24eddf312

SHA512
917534e53cfe8151382d55c69a9c15a1b1ecaaabd8db27aa365be31832cf5598e065e7676ef2c0332bfbf4c8d6383fbf026f5a63a7830bf1194b3286bcb109bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bc0c144448c04df7e5c14f6d20af3437

SHA1
9743a129d9a9cd6dd3758c4904ccf93d46fe779e

SHA256
0cfec8b72bb1bc476db4c41b8d67dae02914ba75b21abdad1297d55d1403dcc9

SHA512
ac639df64818594b759e7e6c93d2591b595d88d168058a6b53c0ca041391e47637e6418be4d3f6f486ccafed43924fbe17b65758f8d48a8b79e76aef492aaef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1d3e4806d0b6fb96cb64b6e687d1e3ec

SHA1
1e46a006ff3b011f753b4c44ee3c35f4bcb68bdb

SHA256
5aa05befe4eec3e1b7957029cc826f321a58a30ddbf156c37af21d15ee151798

SHA512
3fe596131e282c38eb69e98dc6e9d8d0d4451098337b705c645935d11263aafce9f5110c34cd7e69108064b13383edef9c8058ec4d860a6859fb3e899b3f034a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a7279de95936a00c8254b76b2b811445

SHA1
15c76485736af37c14a615dfacab797ef01cc7a6

SHA256
646ec7174c2cd3199ed5c03cc85fc5ff85f89f94c0633e684a20dd65ca75210b

SHA512
dfc239795b30c4c868625ddddbd16e11c8e4b5cb2712713291828b44774e05eccb74f5a08a342bd6be7c2cb7f5a961eacd03cfd3dca42d4bc2c05de9edcdf4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0737c7931070e75ca178c32afe517d85

SHA1
fb3b88bb52a16dfb085fb4f6b61642d9095a6ef1

SHA256
df2f0ec71da766f5151bf5f3f998462fd56bd52e1fc07d89174bf6b336e094e5

SHA512
edbe17793561cb51de9b5bb5293a7b209f754fe63bcbacc30dde24d664d908127503701ca81dd1d1b954d3847cdf8d6f92c624acb5dc2f13946b95937cf6df4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7afe3347697c4fddd937bf96bb28f687

SHA1
8954cca322b892aa9269ed85ddcb82817bedbcb9

SHA256
7a538b20045b639438bd1c5444568e61c05a137c811c656dd7f4688eda6d4925

SHA512
20d8c30baaa3647bb38deb5aaa018abc4f9cd7d4b75c0ae68192fc70aa0537daeffe74fcd07d9983e6017b5a0903954db9a33176f3545c7a2e09ef675af79823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2126a90f41da5d452be9e93655984720

SHA1
23c01218bb4b40f0957b6976dbde2a439aec6f60

SHA256
93b6042b68ac6478a07dc84a683f6992ef59a1b3511ebf15e79a0d8357d4d3fd

SHA512
e0c4065fd24bb13bf56834bd0b0ff01d190e532253efda8a5f1a3524a4de90a3179564bc61539122ced848de514c6eaed283eb8ccaaf33f1153b6e07880b8835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea6f9a2def359f6a617eb9a57282d77c

SHA1
e6da2cf58983cbfc739a968f023831eeeac5e122

SHA256
e324b428306a2e5f4b78ebe3433b6a085ef8bed9e13c647fcfab837ab59883db

SHA512
f4210adb9aec62eb5b26d7eb2cad7483fc83059a6ae64a68a371c3db7b8aeeb399544359b7400b7f869e46daaa0871318e44048b2b65f5a6ff9bb7a8ddb7724c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ed3422507817a4c90f500188b76917cc

SHA1
de31ffa035493ede952bd3414bac199fd0b31595

SHA256
29047bbb9bed28da047f2d0bbfeacc40a6dc08621fe15b2c31de4a4207544d5d

SHA512
f7eacc6cbf8078d332fb35c080f723460c3a135360cd4e178c9e6d62713286ce7a57724b37f1b868df6b72d88570d05b2b96ec2ffa9544d5c1d487579960bfac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
996e5de9546fecfb9a054c7b8a83e37d

SHA1
b2eb4af5e1039980678940fad73f869f9555f778

SHA256
d6a495243c77db1931075d8b0af39fb68b26bc7cf316dcfc7e9f43d852c1b344

SHA512
b2f6463e693b67dd3ea01e88e35473a63a8174c1afc8e4905a6a7a5be0de654f951f506e2ecd90601b91a2fbf32f42ee1b2e0aa6bcaae0fd530a54f7ecc6fb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
77952ea7457adebdecf92cd7edb20a72

SHA1
64fc60cbfffd318f0fdb81e3246240247c829931

SHA256
caf97d00d4c1c15997c1cd3ccf37e08a88545df7daf95e3a4de21e830d1d3dbe

SHA512
f99a01e2157fd85960cf0e69e65692e529ba1f0709c0bc3814606f84552d3917aa6a45b4f67191d2ed61ddb8ed4df6a350c3d42e6aa9cf70a88f6b7f4314f3be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
b9b80058f1bd691cde15e23e51a36daa

SHA1
5d1666cdc6f3d42832875eeb6b513613c4d8c32c

SHA256
c87d5f216e6c278bcb769ef70ba8ab04744d5d67439d15faf262171ae195d590

SHA512
22612642746c6046c96c9012bf6e766cfeeefd9a4e8e7d015ab50612b114a2fe14aef8c27d0c32940c276cf5e098d5df5f443f7a631f2c245f46eb02d41ff9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
03e79603a06370d8f0f2a82ebf1330bb

SHA1
3f6c83a88104973026a8fb1972dd44fd649bc15b

SHA256
7ff2538c6d8636f240cb616b5b75724a00fdee970a464d9e0a75f31eb71a1725

SHA512
49a7c7a604aac1bb00d12cb12f0411910684c052819ac652c2d8b310791a1a90548aef94dadf20c98000b74b0fb603a2afa72c90aa3375863771e6cfa380cc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
79138b247b2b48f7ba86ee82ede90237

SHA1
fac2cd4476be8478408bfdda8787b2fe09ddafd1

SHA256
8d2f12d3d26dc3ff758583bdc5f0aaec3f90369300d89ad9bfc3e4b24b82418e

SHA512
31498399b9fe5faaff87e198e9545e51330dbeb6df89ff1ee86d6f83efdb7f9134094c7201db9126451de930467934bcac96d8612e9b0b06a7ed3133e8894b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
f20feff8d77d9c64b3b0f118bbcbc9e2

SHA1
3b32e17024136a7bbe536e91d12e0ea833117baa

SHA256
977bccce8ae066a2fb947b58caa268f628db260272c93cfa72e20625a46aed8e

SHA512
a8adedaf4122ddaf0b4fbdad46ed0f08a271282be51bb5e45092220b09205e16bdaac698c925d9c6d619c0ca501afab866739fb33195966b3f0107ac9719d75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
abf58810a2b21a20a34ecfbf86e32dbb

SHA1
35f22d8dc4ed0c53a2586f42efad8f7fcacf9b71

SHA256
9f599b67eb5c8dfce7bd9ee8af277a94c876ac0ddf515a6319bce0c19971d2dc

SHA512
cf9f10d3a203b4da63f0a5aabb312be88fb30606cdfcf236fa80b2bd9fe3df583c62754ee33f99210af3e7a8cda49a2d29bd6eab60c0f6dfd7a7e85324eb6943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64f944752560eca24be5c7545856941f

SHA1
5189708dfb3352086e2675f0e5dd06f1dbf7ae82

SHA256
0bc11a5360f9fc8b3c5cdd11fa511729207f0d1c423ca87755d313b45ddc9710

SHA512
e678211ec6e37fa9f122c56c6b83968407f606a526a77b8243447ec3ab4017071eb5c593a360409a2f742145b4c9e9d0c94a3bd3998432b7adc74e2d9b3aa49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
692cbf882045e6ad2f817f2c6f838ab1

SHA1
b8fdbeb852ca80687737a86fe9f3e492dfd8e662

SHA256
320a91c94755db41105af8a62af26e81aa88a986f1ed6ad3f46769a8204042df

SHA512
e65b8b0cb5a7db55f99f7d790b4dd85273129a3b47187c313ce6b2e05dc53d6b7aa7c537933fc493546e319c1f2ec482c94f1dc149e4d78c81b79227754ab945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25ebc2036606eb1ce3e8dbcdfe2c2cf2

SHA1
fe7e810d52bc05f791c03f6d47023a22f2807e40

SHA256
68f15eb5ed9f11914b43ec7e57ae4be09bcc7ea55c402860cc7f26c5103ef215

SHA512
4c7643265002b75a3b8ff87d5564bfbdbbbb8b184b01fa18ba7b3b582cb2e674562059eac60ef70fc829893b2a76e680a7a53556605bfd80003dc5342362a808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61404790f2010a4f98fc94398105e45f

SHA1
2397f3a98893c478ccef1f9f01092bbb80518f33

SHA256
87a3b0e106bf329494396814cfaa29826bc6dccd1f9e856bc4cd99e600d339fe

SHA512
435b3702fe26bf865ae1d74b20aedb6a26a20fd693d471ddc7467a4f49d85b498bd8b6b4fb65cd52958f3b3d1f849785026647ae34558f1712ab77c5b8d8ad95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b50f2da366b5f8fc4ae5bb45b60b743c

SHA1
741dfcc0b6d3b82b2cb6b833b5895cc1b002d46d

SHA256
51c7a5ab42433d62894736e47fe858bc64e1b4fb825333426b81dcd25e993c45

SHA512
481e68257c407c050ec3406f37f1c2a9f281120d45175d6d2b2f490c2caca2af902a5e8cd027db31d05f5a7d57f030727d00ea5bb11857c1887a829a7546e2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f750fabc1a56087952f7f591166060e0

SHA1
d782692b9d4c6e78cf7f6d091908c48d8003fd1f

SHA256
87f4d8e9ea1da5ba2d936419255ae053e8971ed94a85104c94dac0abe97fe5df

SHA512
e47cc3d09134c3490f37e32389501e8a0499406e08ac066951cbb4faf68fe051066cab552cf12d989205119c8e1f964bbd8b699c678e42762184332d17b5a65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589c4b.TMP

Filesize
203B

MD5
94bf6cba877c2d9392ca2171cf6810b2

SHA1
4d7e1f5c9ce63980f91ef62563d547b4752ddb5a

SHA256
d6153a67be2d28312b763f45aa50d7a851d5e13860e0bf8561f47642fc051d66

SHA512
574d4018cf8071a3f5529b51eb4f0815997230c176f116d62287708a81126f1e48f9691eee89a3d334f7adbaf9a46e21e41dd588c743e21d85bc361224bf8261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
474b410004e4a4e60da4d19f7ea89148

SHA1
6327266d1b885feb7a9bc72bffb46a56d57b58a3

SHA256
403597c1e7d4028b287d9055766c823f77e209f408338bf36f6ebaee927f1c9c

SHA512
659d6108b406b5616b9bad3ec7c4a0b0a69980dbe5c2ec80858ec484f765cd2b63307478d03b4c6fac5c3c09dc7aef8078d956bdc27e92f5eb15366a67c030fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
741118863b7446840bc6d4d4cdcf8da2

SHA1
88c87e077cceddc5db29c090de0c0dd1c975eb59

SHA256
e58f89b440498eb48a203be9d0fc322e8e348dbc94fd3b4434e8d703bfe78ea0

SHA512
47517bc0145b1f28e0ab4b7b7f37bb50fc93e89138f18240a7cddcafe1a3f660ae05b60d410c24b37214c009dc924ce0e64a87388f4951648735649187dedb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2ff33dd71680bdf164374fa3b774d82

SHA1
1fe4ba4951de870ceaad1291b871f0026133e30e

SHA256
4f89428c4a995a9b8f0e398f85ce6e9906747d49eef43ff0f0b05f997357d48b

SHA512
3e29f4b48680a21b0ab43999fcccb1468877e94ad511d59824263518627195a9b81d699de1b010bb683516d0d582963ffc202d2a1b8d5264e3ad8832a521fb73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9c64d400c2e5c67d8bd22257d814b1dd

SHA1
92df28fa5a17f7114b3e0ac04f47437fc855694f

SHA256
cd981066468f9a3ee89d745bfed9fd6a595a989b7a70a4876061a45ab79b97fa

SHA512
77697ff097e93327c9a4bebb317a9e19051faf54875bf2b8669b7a2222571c9c7ee23cf8b83ba9d3cb860579c59fd91c46dfcdc3f28b8ba0f6bbb946b3fea415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e21d8926377d1e74d64b80244c4953a8

SHA1
fecfe7e3f941344e8fdd34e6480a2b16398c6bb2

SHA256
3e0ba1b640cd7a3361ee907dd498a8d394c1c2d5176c049cc1cef0ce67ef88f4

SHA512
77ead9640f0a0498ba9d33319378306b1314098e4c26601c79139a2ce4b383ea30124a05d9ba27a986f987cf608e4c61723e6dfe1eae8166c1b52afe17339e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\NetTraces\NdfSession-07152024-1703.etl

Filesize
192KB

MD5
8f0c10cd825655d97bf94452b8fe47dc

SHA1
51c2a2ba404cbfa14d5f047ca774b1488303046e

SHA256
6ed15bdf7fa88412f7904f98462c692a6c5e3057c2313ed657c4a33a344c5c84

SHA512
f7f6b97cbc244c74e45f738f679ae5e9f6a5dc546f8fc7ecc121f6866d09a015b14c8b65034532afdda96275c2784a4ea6d5274a5d3e191ce48abeed0fce7ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDF7B4C.tmp

Filesize
3KB

MD5
abd2d88f3fc4506c5126b14d6f2c322c

SHA1
5ba2a14503ddab2747c79dd453413d69e7e99709

SHA256
e87b36cd38cb3093916ae57ab4c14878db62bbaa64f5fe0697b4d4cd5dab2963

SHA512
6c787aaae9c5ee1efbaaff8cc4daa7b90b0db655d3f1530b1b8099c13efbd677dcc52593e58b91aff6279d14f2141d1daa51126134101286d1fc42687b6245a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hb3t11iq.jpi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshE2FD.tmp\LangDLL.dll

Filesize
7KB

MD5
d02e216c527f97b5cd320770cbe03a0d

SHA1
76a0bea3650c393341e240231cf999d11a3d8eb8

SHA256
cda679d62e2852d900f412239e7c01a64a928db6c0cc03b8fa0c1eabdfe815c4

SHA512
39d99ea0045e332f197f0d6430a71adaeaccd1c8e1028ad997ffa5527e5a0fe5dbdda62e02329ae1824abad43eedd64dbfb05a1e8e19010745bfe8d53e83d990

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshE2FD.tmp\System.dll

Filesize
24KB

MD5
62a6f7756aabaeafe2eaa8a1b19eeb99

SHA1
24b7ec2cf0712f03911fad6b7ccf933e0879fe5b

SHA256
4c4d8324fc74a61ed5477b6602fecd1f404f524e6c17c6d7a0b682f8521a29d7

SHA512
7d30a35811f4dc5e3c4714224ac2b143d17f6a1de744db230b3a74409c6705233831e340b13d468c612b9e924cf69a62a15164e601e62609c98a46cf4ec0562f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshE2FD.tmp\nsDialogs.dll

Filesize
13KB

MD5
6cac9c4cbadc065beeebe16e57279a9a

SHA1
26bcac80ab11c56d8d9de74a85ef2314044f96ca

SHA256
f33b3bfbb97fedfe2d77ebb894c7db5c32b8905bedab6c58248108021cf96bdb

SHA512
854b505ca4d17127fafabc8e4d903e097b6e77d4adcb2873185333a7fac68d6e903b2e8f3ce0df639ec3c44feb3666489405ee74d49f512700ab86cec4bc9e44

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB334.tmp\NetworkConfiguration.cab

Filesize
1KB

MD5
fecff8a80f5985baac31da1f01d86390

SHA1
cd152f590bc3a4bdf13a077dfd65599460693b51

SHA256
1ab8cf3b6e205c4c0e065cd4ee0ee1d10c836a8c6a22850885f932429955547a

SHA512
34f1d7c387267de02e54cd070c9a1768632f6156a2a7663414bf22d10415adba362035b40f27e57062da26b58aff53b30a5b1b53d0c2c126f1c44cef8dbf3415

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB334.tmp\NetworkConfiguration.ddf

Filesize
231B

MD5
00848049d4218c485d9e9d7a54aa3b5f

SHA1
d1d5f388221417985c365e8acaec127b971c40d0

SHA256
ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

SHA512
3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB334.tmp\ipconfig.all.txt

Filesize
2KB

MD5
00367804a3455d7fcc32150dc25f3000

SHA1
83f3d132362ba7a9c5c9c204e4459d5e8f8ae4a8

SHA256
d402d06e87af702488b7e860ed65aaeb40213405ccb2a6209f0183b94e1d21ae

SHA512
7468cb9dc9d75bbfedf93e737de6f4d3fbd124c92830fd03b81bfa2e58fa0f568327ca9336bec940cd140c196da12d6f3ab63903c44e3a831557d18e8b499669

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB334.tmp\route.print.txt

Filesize
4KB

MD5
357fe78bb31eb4520a0f8fb62bdb36f0

SHA1
60725ca31af25245f66ebd546bcb2ed1592b4b76

SHA256
e4452a39ab0759812163388e93f32e92e056a2bb8203402c0f2b152baa038aea

SHA512
fde020ee68906afacf72ce0f99b15d6c197457dbb618d559c7b7205f9f9fb26d7b0ccafb5ed306e0073c6c640dc889d4bd3d7d422bba962694ac666402ffb0e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB334.tmp\setup.inf

Filesize
978B

MD5
a4051a8bfb7989570a6e367e6b786054

SHA1
75fd886131ea9358af80817dd61d96ea3e6d9fab

SHA256
bfd88cc4a24366090b7426cc67e29f8c799c221f0893602005bb29fa4c7eba85

SHA512
bce6ed4b425715ddd20547795f0128658ca6d8966659f2511e3b6a6aae84b7183bf06f87e909332cfb23527758e7e02a765a132b3cbe035d50a5f66f0b159e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB334.tmp\setup.rpt

Filesize
283B

MD5
0fe32fbc24ccff8b32b077a58b404389

SHA1
600bf59d4b080bcdefdff69e6ebdb0ca8d4c05c5

SHA256
fc4d9f774b84ebf8cb3b146c960a409a3d6873649736fcb27b8224820c1ad8dc

SHA512
ebdb999cfee1c207bae84f9a788609c82b83f716ddbb5c98431d33db3836c109dda652f036a3d6dc589cb56a2c1fd919966c110a7a977d8422301b2420aca2e3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\bookmarks-2024-07-15_15_FTkJooubd3rKB1BKvbtZbA==.jsonlz4

Filesize
1KB

MD5
577683a18a712b3de5d161b91e358a15

SHA1
4d6d2c34e31b411fc2cd2a01aa951226ffb6299d

SHA256
584452806b1bdd04ccf3ed6b16cdc54aaed03efcfec5aae905ca3d2e7d8d7a44

SHA512
6c21a9f7e6541f18a5f4bbf9a926aa624a32c13c83e4dfdb0eb6bd1ea80de1289beb398920a84c2358689893570de0b0fdc85c638ff6c1a831df15b21f45b7d0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
0e8293dbd4aff1174c6b1657bd2b50f0

SHA1
b523a84fa9a3ebc1e7ac108d175538b5a1517579

SHA256
25533ce8855e2c48a99be5275f600f80c8e6a232e6b6291a1768b0c7bf79adf9

SHA512
93f7df2a61bfafb7f6a009a692c96ce951792a3473eb164a438188fe5012db5b64d62145655ecd0abb800a46ac449dc4b257a03ef0cdb99f51375fe7b68a1be8

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
bcfcf9def5bc3f80fa2e1204c1719864

SHA1
e33ab22bda95c3bc244965a1f13807d04c35d676

SHA256
e9ddee42aa792e508ab2a35683e24953ad0be27552b8bbe9466e4aea516931c6

SHA512
9f5a619c4af138e50af420698a4b7b1f0e8ff67ed66b9faa24ba600d307968075341544720c918480928f6a346cf89a3581c59e2ee34f5f27b1f446204f0a50d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
4ff2cfcdb9aaf4da8f63af5365c85d6a

SHA1
5abaa59c863a4d4fdbdd16c34ac9e6a02805ef06

SHA256
97191c12f08f17e3f05c729d43f65d40c2a3ae95761e4018ca412db744c3c618

SHA512
e1bc9a5dd8f8bfb4ba6bb94bc2c333581e80d84c6d7594313017dbe6dacfcbf5401289ef9efc8fe8bfeb19698532cc747e825eca5996befc978080e72eaf2fc1

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
da7b3965c9377a875c166f7665890885

SHA1
0c7eec6d739ed9e522e04a0fc717b89e51b7057a

SHA256
5a6b515ffd3928df1b2ce306064a48d07a87b0a2323b98eec451f19c5ddd8bb7

SHA512
8802abf0f7617a8f4fdbe498936e066fc7be3b45e36beb6b029d1ceadd5fdf6905b69fc8383705caca203026436818cf1729ac45fb37c1e29f432bf6182cc374

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
3cfbb137e5927ef745df2b3346e9ed8d

SHA1
09b81138fa508a6af90f089ca4fde5cbfa9ba4c4

SHA256
ba3ee0592d406f4f2f3878208fe6dea32589e8cbccbf9f3a1809ebd5b62da154

SHA512
a32938a60109d65dd4076e9b74b354fad6b44eee24d89f7ce787167a351957f74e5b9408a7753a7cf8569d410c9b84167493c752d0d314cbcfb61bbce61573e9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
b2a6d20cbdfb57fc9b3ded04757fd1b8

SHA1
80c5fb00fa4256ecf99e4ec2aa2af16e18cb503d

SHA256
bbc55c61d4b61dfc5f6c863f9503384d9f8e7701b41e800a87fef626d41c770c

SHA512
a64a659ff2b1b4a71a86a92428a94df8bbbd8b7ebc51de95470a0208610b5201401029f8f1fb64f60e9bf8daeb147d227e2edd840dcfa3df85e201f3984ac087

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
112KB

MD5
4aec89f842559191cfa7225a046c531b

SHA1
251739df2e886c843cafc8b7dd5e263a5244a707

SHA256
f9e50397a4fe26a4eee7389d711c63b92e8eeefbbaa4db9f1c114b07d4645eb5

SHA512
f10372a704c44a4309975bad77a24522151ec5931dd79c5d9054565c38a4036ca174513d36be03f4e93abd73ee3a47ad52c17c16542ef5758281c3b5e5492678

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-descriptors.new

Filesize
14KB

MD5
6fee95d8192a3edc1ce11ea09b44780a

SHA1
26e2e060fe5618a10eace0c94a8b1730733c4afc

SHA256
3db7901905c67966115826742aba0c8c22e39a5249bd70bac687ec6377a3d8d5

SHA512
c54a91221981eac19a2e4d5f59c2e9dfce090a6fdf885eba28a938ef8f31771a7a064678f24c9685feb12c633f55e27367341d4b6df4e32a472d96b41b55b8ef

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.6MB

MD5
dc81449a6d536db81768b1f58df45c83

SHA1
833bcf8d1e3c53d14368888074fb0b64d87049b2

SHA256
bbc44b817e7d5d4e5dbde922761f204b2997889c933455e582ed8feb5ae03f66

SHA512
86c87b106b93b06d9a3fb94b9aa32ff3a1c00060b24b02d8f79ac4d0f497cbfc1fb8a8b80eb24a2d9487cca02ee97bd774f8ebe09177a7796fd5aa7db34f0b34

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
11.4MB

MD5
b05da0a7e46ed58052818eb50f9c9a95

SHA1
859b54798a8782d30043ba4315c1984959c3f476

SHA256
f80b3d371d01f3125812ac2c8ccbe767c3b457ce4b6f7850c0a218f1d36ef279

SHA512
b4009b16aa075828b2dd7ca67869da38b5e285bafd872946196690169d8d055cd1ed4f2ee5da3cb5474956e184ca58d91d804a71f3152ac74faa2482c8d52959

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.8MB

MD5
67f708f227c0338550952313e5e382f7

SHA1
43511dfa2d91f6cc4c429336678cbcf08ddb6489

SHA256
a2ebed521db5d43af62eff32b7ee77a7a342ae6661a0fda60be785329b3956ba

SHA512
4a0fdece1ed1a290731ef21e976f3074b70660c957cdc2067d506e4f08f3af7673f578afb108263e7a61ac6e773c0f747ff325b7fa4a3eaa1f77872743813614

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
eb388726725c57ccd28cad1dccee33b6

SHA1
35429d8a907b07286a884c0e9cb2fcf78e93f8a1

SHA256
a6bbd19e33a9d2b539c798261ed400c74b239527ad17109ad549a972bd6cebd6

SHA512
dc9aa4f26a86fbfa6caf7d476e59975fc79da314eab8cdf5e2899d681e8b9d3767e531a656471e3ea2129f4e688ad1e0c472eb5d20ea8a8ed94c00d9fc66a48f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

Filesize
829B

MD5
9ccf77fc36265c191e96aa95e65e8e30

SHA1
e1f5841af968f8de55a750ccc507592ced50e242

SHA256
5900fe3fe893b5b43d46c87ca6bc8203ffa2cec8fee9e329f9b58de726ee808d

SHA512
38846ed72dab9639f4eb2b98a7b1c50342df0656a8892381b58d0eb2422bb59eace4a2f42987a42b6c04d6f45458df83bcb829a031e8968720ecfb2ce68ca8c8

Download Submit
C:\Windows\TEMP\SDIAG_7893ec1a-09e2-4123-88bc-1ab824ef2414\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_7893ec1a-09e2-4123-88bc-1ab824ef2414\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_7893ec1a-09e2-4123-88bc-1ab824ef2414\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_7893ec1a-09e2-4123-88bc-1ab824ef2414\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_7893ec1a-09e2-4123-88bc-1ab824ef2414\en-US\LocalizationData.psd1

Filesize
5KB

MD5
380768979618b7097b0476179ec494ed

SHA1
af2a03a17c546e4eeb896b230e4f2a52720545ab

SHA256
0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

SHA512
b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

Download Submit
C:\Windows\Temp\SDIAG_7893ec1a-09e2-4123-88bc-1ab824ef2414\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_7893ec1a-09e2-4123-88bc-1ab824ef2414\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
memory/4824-1917-0x00007FFF66490000-0x00007FFF66491000-memory.dmp

Filesize
4KB

Download
memory/4824-1918-0x00007FFF65DF0000-0x00007FFF65DF1000-memory.dmp

Filesize
4KB

Download
memory/5640-1078-0x000001FAFB560000-0x000001FAFB582000-memory.dmp

Filesize
136KB

Download
memory/6072-2055-0x000002A120BA0000-0x000002A120BB0000-memory.dmp

Filesize
64KB

Download
memory/6072-2117-0x000002A114B30000-0x000002A114CA0000-memory.dmp

Filesize
1.4MB

Download
memory/6116-1517-0x000001425B7C0000-0x000001425B7C1000-memory.dmp

Filesize
4KB

Download
memory/6116-1513-0x000001425B8E0000-0x000001425B8E1000-memory.dmp

Filesize
4KB

Download
memory/6116-1514-0x000001425B8D0000-0x000001425B8D1000-memory.dmp

Filesize
4KB

Download
memory/6116-1516-0x000001425B7D0000-0x000001425B7D1000-memory.dmp

Filesize
4KB

Download
memory/6116-1519-0x000001425B7C0000-0x000001425B7C1000-memory.dmp

Filesize
4KB

Download
memory/6116-1095-0x0000014255BC0000-0x0000014255BD0000-memory.dmp

Filesize
64KB

Download
memory/6116-1522-0x000001425B710000-0x000001425B711000-memory.dmp

Filesize
4KB

Download
memory/6116-1099-0x0000014257300000-0x0000014257310000-memory.dmp

Filesize
64KB

Download
memory/6116-1103-0x000001425B7C0000-0x000001425B7C1000-memory.dmp

Filesize
4KB

Download