hxxp://google[.]com

Resubmissions

22/11/2024, 14:58

241122-scl1zayngr 7

22/11/2024, 14:42

241122-r25c6symaj 10

Analysis

max time kernel
927s
max time network
930s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
22/11/2024, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

defense_evasion discovery evasion persistence phishing trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Program Files (x86)\\Windows\\Error file remover\\fatalerror.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Program Files (x86)\\Windows\\Error file remover\\fatalerror.exe"	msiexec.exe

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 38 IoCs

pid	Process
4924	tor-browser-windows-x86_64-portable-14.0.2.exe
4980	firefox.exe
2656	firefox.exe
3456	firefox.exe
2796	firefox.exe
4360	firefox.exe
4304	tor.exe
920	firefox.exe
4872	firefox.exe
5196	firefox.exe
324	firefox.exe
4688	firefox.exe
5260	firefox.exe
5440	lyrebird.exe
5312	firefox.exe
6000	firefox.exe
5060	lyrebird.exe
1020	firefox.exe
5340	lyrebird.exe
5172	lyrebird.exe
2900	firefox.exe
4696	firefox.exe
4840	firefox.exe
3984	firefox.exe
1128	firefox.exe
2544	firefox.exe
836	firefox.exe
5760	firefox.exe
5656	firefox.exe
3800	firefox.exe
2464	firefox.exe
4684	firefox.exe
2208	firefox.exe
3076	firefox.exe
1908	firefox.exe
5772	firefox.exe
3240	firefox.exe
5000	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
4924	tor-browser-windows-x86_64-portable-14.0.2.exe
4924	tor-browser-windows-x86_64-portable-14.0.2.exe
4924	tor-browser-windows-x86_64-portable-14.0.2.exe
4980	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
3456	firefox.exe
3456	firefox.exe
3456	firefox.exe
3456	firefox.exe
3456	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
4360	firefox.exe
4360	firefox.exe
4360	firefox.exe
4360	firefox.exe
4360	firefox.exe
920	firefox.exe
920	firefox.exe
920	firefox.exe
920	firefox.exe
920	firefox.exe
920	firefox.exe
920	firefox.exe
4360	firefox.exe
4360	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
5196	firefox.exe
324	firefox.exe
4688	firefox.exe
324	firefox.exe
324	firefox.exe
324	firefox.exe
324	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4688	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
5260	firefox.exe
5260	firefox.exe
5260	firefox.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
459	4472	MsiExec.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	[email protected]
File opened (read-only)	\??\Z:	[email protected]
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\X:	[email protected]
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	[email protected]
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\L:	[email protected]
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\E:	[email protected]
File opened (read-only)	\??\H:	[email protected]
File opened (read-only)	\??\K:	[email protected]
File opened (read-only)	\??\Y:	[email protected]
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	[email protected]
File opened (read-only)	\??\Q:	[email protected]
File opened (read-only)	\??\T:	[email protected]
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	[email protected]
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\P:	[email protected]
File opened (read-only)	\??\S:	[email protected]
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	[email protected]
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	[email protected]
File opened (read-only)	\??\R:	[email protected]
File opened (read-only)	\??\U:	[email protected]
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\I:	[email protected]
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\B:	[email protected]
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
452	raw.githubusercontent.com
456	raw.githubusercontent.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows\Error file remover\fatalerror.exe	msiexec.exe
File created	C:\Program Files (x86)\Windows\Error file remover\Windows Logoff Sound.wav	msiexec.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e650cdd.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE5A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE9A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFC7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI10A3.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0A86714A2813EBE3.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE2A.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFFD5AEF7855A5408C.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEBA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF2A.tmp	msiexec.exe
File created	C:\Windows\Tasks\sys.job	MsiExec.exe
File created	C:\Windows\SystemTemp\~DF8BB7884F4DE4C4C4.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\Installer\e650cdd.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID4A.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{C452D4E2-DE24-48B6-B5C3-ACB240A01606}	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB2166CF35B9BBFE6.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIECB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID99.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDE8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE09.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE19.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE99.tmp	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.2.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133767609395676148"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-14.0.2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4249425805-3408538557-1766626484-1000\{07BA9B8C-6ED7-4DC7-9DC5-82CB7E2AE8A0}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	chrome.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 895671.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.2.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Winlocker.VB6.Blacksod.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
3728	msedge.exe
3728	msedge.exe
3368	identity_helper.exe
3368	identity_helper.exe
3648	msedge.exe
3648	msedge.exe
4800	msedge.exe
4800	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
5440	lyrebird.exe
5440	lyrebird.exe
5060	lyrebird.exe
5060	lyrebird.exe
5340	lyrebird.exe
5340	lyrebird.exe
5172	lyrebird.exe
5172	lyrebird.exe
3896	chrome.exe
3896	chrome.exe
3212	msiexec.exe
3212	msiexec.exe
5728	chrome.exe
5728	chrome.exe
5728	chrome.exe
5728	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2656	firefox.exe
Token: SeDebugPrivilege	2656	firefox.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe
2656	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 916	3728	msedge.exe	79
PID 3728 wrote to memory of 916	3728	msedge.exe	79
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 5040	3728	msedge.exe	80
PID 3728 wrote to memory of 4044	3728	msedge.exe	81
PID 3728 wrote to memory of 4044	3728	msedge.exe	81
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82
PID 3728 wrote to memory of 2248	3728	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd38c43cb8,0x7ffd38c43cc8,0x7ffd38c43cd8
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1224 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:3116
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.2.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:4924
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4980
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:2656
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=1944 -parentBuildID 20241112185024 -prefsHandle 2552 -prefMapHandle 2544 -prefsLen 21009 -prefMapSize 252129 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {af5bf707-c843-4b5a-8014-766b6c88cb9d} 2656 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3456
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3108 -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3096 -prefsLen 21821 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8319f36b-aadf-4cfc-a7db-257226ea1221} 2656 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2796
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:11bb511522da994460c60b085eefff0ceab679411e7575a682ed0074c9 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2656 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:4304
      - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        TorBrowser\Tor\PluggableTransports\lyrebird.exe
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5172
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=1940 -childID 2 -isForBrowser -prefsHandle 2344 -prefMapHandle 3068 -prefsLen 22589 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {198433cd-7deb-4cef-976b-289ef2ada0d9} 2656 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4360
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3748 -childID 3 -isForBrowser -prefsHandle 3744 -prefMapHandle 3740 -prefsLen 22665 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {922f5b3d-649a-4ef5-bdb7-b93c25ec78d9} 2656 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:920
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3564 -parentBuildID 20241112185024 -sandboxingKind 0 -prefsHandle 1824 -prefMapHandle 3556 -prefsLen 25411 -prefMapSize 252129 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2a09f7b2-331a-4bf6-b5c4-bae54129b65d} 2656 utility
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        
        PID:324
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3916 -childID 4 -isForBrowser -prefsHandle 4128 -prefMapHandle 4124 -prefsLen 24122 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {475a634d-8a5c-4155-9b7d-4b3efa110366} 2656 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4688
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4244 -childID 5 -isForBrowser -prefsHandle 4156 -prefMapHandle 4292 -prefsLen 24122 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {49e4b396-7e26-4e81-84b0-4f54ba5b7b66} 2656 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4872
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4556 -childID 6 -isForBrowser -prefsHandle 4548 -prefMapHandle 4480 -prefsLen 24122 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a2100f5c-6c4a-41c2-a4d7-40a959a7d184} 2656 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5196
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4656 -parentBuildID 20241112185024 -prefsHandle 4664 -prefMapHandle 4668 -prefsLen 25411 -prefMapSize 252129 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {562c34e1-69f9-4da0-a8e7-d51392d89a5d} 2656 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5260
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5440
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2368 -childID 7 -isForBrowser -prefsHandle 1832 -prefMapHandle 3508 -prefsLen 26203 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {6799eaea-a8fa-4163-99ea-0302609095be} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:5312
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=1940 -childID 8 -isForBrowser -prefsHandle 3060 -prefMapHandle 3516 -prefsLen 26241 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {33096cfe-637b-4917-a8a5-e37c8f05cdf8} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:6000
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5060
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4280 -childID 9 -isForBrowser -prefsHandle 4124 -prefMapHandle 4932 -prefsLen 24889 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {355e2ffc-621c-4cf2-bd56-d6837c1df8f1} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:1020
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5340
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4976 -childID 10 -isForBrowser -prefsHandle 1668 -prefMapHandle 3920 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2baade40-2ad1-4c73-b376-42b03c86cb58} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:2900
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2312 -childID 11 -isForBrowser -prefsHandle 5052 -prefMapHandle 4360 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7f12adb5-2314-44e7-95ca-623a640ae8df} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:4696
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=1676 -childID 12 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4b11575d-f21f-4b61-9a1f-accb3c1a8a9e} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:4840
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5584 -childID 13 -isForBrowser -prefsHandle 5668 -prefMapHandle 5460 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1f9ec4b5-d1fc-4799-adc1-628c8cd6805b} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:3984
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5404 -parentBuildID 20241112185024 -sandboxingKind 1 -prefsHandle 5368 -prefMapHandle 4932 -prefsLen 26711 -prefMapSize 252129 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {6f739e93-40af-4e8a-8002-2c9013184598} 2656 utility
        5⤵
        Executes dropped EXE
        Checks processor information in registry
        
        PID:1128
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5924 -childID 14 -isForBrowser -prefsHandle 5928 -prefMapHandle 5932 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4003d76c-9658-46c4-a5b3-7c2d3feab674} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:2544
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5112 -childID 15 -isForBrowser -prefsHandle 5808 -prefMapHandle 1448 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b807290d-e4dc-41dc-8537-76bd47861be4} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:836
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5484 -childID 16 -isForBrowser -prefsHandle 5136 -prefMapHandle 5124 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {6396ceba-80d1-49ea-8421-aaa2dd3a8797} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:5760
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5416 -childID 17 -isForBrowser -prefsHandle 5336 -prefMapHandle 6012 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2eeaa642-5f00-4ba1-8641-9fecf83e8e9c} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:5656
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5892 -childID 18 -isForBrowser -prefsHandle 5584 -prefMapHandle 5812 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {45fe3d4e-50fc-4591-a5e0-fe788018761e} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:3800
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5788 -childID 19 -isForBrowser -prefsHandle 5876 -prefMapHandle 5296 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0810940a-ca4f-4ca5-8e6e-0fd341d05adc} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:2464
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5396 -childID 20 -isForBrowser -prefsHandle 5836 -prefMapHandle 5520 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ac4a2e3c-7e13-4a1a-bd9e-6aee9c991f57} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:4684
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4544 -childID 21 -isForBrowser -prefsHandle 5604 -prefMapHandle 5888 -prefsLen 26711 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fd5a4d12-4820-49b6-b948-5acf4ba69239} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:2208
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5276 -childID 22 -isForBrowser -prefsHandle 5064 -prefMapHandle 6524 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fb4d758d-66c7-444e-a0b1-51377b237407} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:3076
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=6432 -childID 23 -isForBrowser -prefsHandle 6644 -prefMapHandle 6424 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1b732291-9623-4ec1-9133-8804847a9ab3} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:1908
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=6496 -childID 24 -isForBrowser -prefsHandle 6772 -prefMapHandle 6600 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2faff864-20e0-419c-b82f-e1d5a4624088} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:5772
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=6172 -childID 25 -isForBrowser -prefsHandle 5496 -prefMapHandle 5732 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8bc38a7f-f0d7-4ed5-8890-6edae5c1055e} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:3240
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=6036 -childID 26 -isForBrowser -prefsHandle 6236 -prefMapHandle 5580 -prefsLen 25299 -prefMapSize 252129 -jsInitHandle 944 -jsInitLen 234780 -parentBuildID 20241112185024 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7de78f5c-100b-4929-8397-6c2a21c32c41} 2656 tab
        5⤵
        Executes dropped EXE
        
        PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4600 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17917931582837509805,6401415258031386699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4984cc40,0x7ffd4984cc4c,0x7ffd4984cc58
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3580,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4652,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4760,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5012,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5092,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3416,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3248,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5400,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5448,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4572,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5380,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4352,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  - NTFS ADS
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1160,i,14365282680990735956,8684846755300831713,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5728

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1204

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod.zip\[email protected]"
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:3904
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod.zip\[email protected] SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod.zip\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
  2⤵
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  PID:5548

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Modifies WinLogon for persistence
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:3212
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A0039B917D278EFA5B45BDDBC641C5B7
  2⤵
  - Blocklisted process makes network request
  - System Location Discovery: System Language Discovery
  PID:4472
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B22162F66CC4ECBE7E5FA2CF4CA54E8F E Global\MSI0000
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e650ce0.rbs

Filesize
100KB

MD5
cdfd29dd8426519daa49609400d3de1d

SHA1
90b624f3f71c9e50a135c3747bda67dd82bd5564

SHA256
c1683b2bf217e9698a447133d98772422ca398162ee895c1a9e8de4dca9d304a

SHA512
d63b99cb81ff0c51f070c5a3420987efe6bf3df6b13888fd3f2f17a23452f0232890fdf586ec0073ef4cf0e552646b41b46b0d9b6447766f8e63926ff78d6071

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
592a683bcac09d75897a09dcbadc62fa

SHA1
5f5fc0feaab24a6a367eab2ecc8def3fed8042c2

SHA256
02ae42056ab338a6e7469c105dbca97316f56e1f7e4357c92ff2e1078bc42d91

SHA512
7ab54e77c3148ca0c533512de9c5622ff0aab02137952ec26f4856279c9f211ad25c67ccbebe576d2f0d2c2a4d2a8f82fb0a062e3162c8cf4853baa1aa645624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
48017953f4e9b9de1faffdef7320030c

SHA1
c484412c760fca6a05dd1a544739e359eaa92449

SHA256
a4ac776d86b699a5ff44e6604764910628b0a0b325943dc1c70b5ef3dc8bdaaa

SHA512
7ec70a9ed2ea2eca8be82790e4623c8152518d26ceeba21a889e934b009c3a6eb369385c6ba1a1ac094c2e406110b93a0728a5a4d7998bafba1d16c096abc5a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
94137bf048da2b5327c779cd3eccfc84

SHA1
08d8aa2e20abbe0a754d977922e378d71e38b230

SHA256
440faa7dd62e8ae3489acb058cce05d1b302cd6dc4ca8d599e988266d9f8e11b

SHA512
75a690abb2fc275466ffced918479b8bdd6102fb8a072c625c5acfc93fb8c29110e511eac30200abb202933f6bd8aa0121a5821349825e1ab8b523bb6fc88d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
6a1383418ca915439c615fe792193bf7

SHA1
2d83d9f1b787eeb6a2a79ac6f58695cb1e716521

SHA256
41223133cac63a96604d8f0573f7f7f99edef4715e717b24b56721489772d566

SHA512
16d05d1b3a275291ca15a5879a825a3524e195aca5387b961387850c1102d15b25102a54d28e2b78af050b668df5d18f88c785cb2c04ad98eece2961b58bb36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5724ca1705c225d48edcd296ae62bfbb

SHA1
e30eae842bf6cda1e1e8d70e1f7d0473a0e70421

SHA256
fd073c0f5bfa9edca1d6f143caf072e88926fe8e35a158d562c26d811fa83c9b

SHA512
53ea6c8d4f3b9930ebad974ce0bbca4516dc32690bb676c4c1d498aedecd1be7b25da4ce9f46ce6d3eb95170680689189606f52be9699c8084508c45ffe10c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
479b6ae7f504b69f29bc4ed42e5d92f2

SHA1
82cbc31a5701537310965b43b92ae4b9d33d0f5a

SHA256
544ebafb9d9f3419da7481bc21fdaa632c2386bb30813523a554829d3fa29fe2

SHA512
5eba6edb2de5c3f2b92bae0cf11753a9f5488cea923a6bc9f46e179623d274cd3a580efc95ede108147c58a6e808525d736020af83c8b533411bb33b5443f119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6a6c8670d55a3221ef8e45bba01e5b26

SHA1
8dbc581ea813f3ea741adc9e8f45c029327aef51

SHA256
bfca8cc921aa2bce25ccbfd3d12cf6f36ac4ddbdf138639e7656211001bb80c7

SHA512
392ef54304113d8fa5a3faf3fabd9d4f249936b11195b4068ad0dc9e495773b66ba7356c309b0e13347c2d652918d5805a59af840e2e02c588bf698edbe76a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
19f47aabc959a03bbc91a26cadb3c6b1

SHA1
b9f44f698b7f0492acc3a95e36afde10ec9c7f38

SHA256
6e30cde2aff434c2e97b95b453ee8d5021b85569de72557e0871fd2413c088c3

SHA512
041bb950caeeb66a3a591bdd1f098e975a3c996851b398a61c79c8cdbd81ba011228c215874fab7b620459798e32886a83864dfd0ea0773d37bb21185904d4d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6df58caf14c89adaaa48291d029ea036

SHA1
f5b6a1da5bab86bd2a8a892f9502c2be6f9c4790

SHA256
12520eb877e185b86db652f20d127001268fc85ec873b86d95d47c44b5e4ee1d

SHA512
4fbc646f122321d944779e5023e11e96a075d8a700c2ddabeae714bb44bb9687d862b4a16fbd106bfb6fcf028cc980fa1a5f7fdf6aeb6289070143d43d6dc636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a2d5e92f06bb73d2027e4cd01f55c704

SHA1
a1052c53e5683df4331e7ed52bf85b96499c9ca8

SHA256
47707cb710d29cc3e888c1514f3a4dcb95a1dd01a7cb6feafeb286cfeaf1d46e

SHA512
7db03ee12f813b03f7c711e1944ac47e412b90a71a08fdc1bfe920a1d1b3a8904482e15e55ebd44ae2f395be959e2041af0be41f518b0051aac769787e3bd57b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da65e028e1f9ca2568efc3d8106d6975

SHA1
2fa073c65a0f1fb4a72021e7acbdb51c920f6df3

SHA256
a80e00c136ba8be2519b5ec761eed264f989159296eb31c989f0315fac692654

SHA512
d7ba12b00c67ac335a068f703d13634583b8b02bbf6f44fcdc62f3c88b17364d2efc3ff636a549eb1e5c4580e4613c6d89c7618e2a1b9650f032c7e2d2f5c6bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c56f68d746ae4924a7af5fd61087be88

SHA1
ab82cf285d7c436bba1a4f367f1283a91fcf955e

SHA256
8663fdad4edb59ec1e8ad46617ea867c15a794ae50e3e09885ba35a59158c721

SHA512
5daf71cc2f5f82f2672e47818e637628fbb135f69421454343a91dba4b0807b254a415a1e2fce01d045a0941fd2baa61a3de3c8d09301bf9510cf649f7d376a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b00792c36e9cd537e8d7d9ae14f7513

SHA1
d72c4380bebcdc5acdb3282ce26a610c0b710b00

SHA256
eebeb5ea5cee02e6472a88589a98db328b8911285a5c864e518d8518e8058d40

SHA512
2b7d61294756ab47fd966026a4924a89f4db5a57a0c4cdee2e6e40c7d8f54a9f2996295b6711c2291bd41565ff9a5042c4b89d2883712bd0a3a15d066727b50b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
22119510d587323b43cb4d165a98f694

SHA1
b9f50abc272b038fa9fc056e938b906630496764

SHA256
e1d7735d15070b688bbe1bef073d28f6eb94de7cb54fa0bd4e9e65a8cac34f86

SHA512
293f2b218a6b7189c8cf531fa675aa878c9fd0365222e1f3c022e8fe0112cc680354b265f354678f02fe2e6fd81a31348caecae394379d9fb51385e9a515e67f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72508285c2a5c7e7b71fe60e5b680431

SHA1
3bb7630bea3490bf47a7c3e844cbd94166026722

SHA256
da37ee4237d89d94681cc4c0da13a1db55064ee6df46a44d9cba8983892c84e4

SHA512
9a730e00e85a06a684ac62ccede79bd084ae747747d4ea2daa9e4b0f8cbe699467b3af81c584b8a881b4c6b461b13ff46fe64852bd0d3203c2945af74602795a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4db39750ffdcaf997553c705a2e678a6

SHA1
e17323d54d43e9d4bf7995f16685cbed94228ddd

SHA256
daa50a43b09098b408413be189e4c664421d90e0728172bd90ad50d2c2e53ec0

SHA512
8abed96d28b8855906fc6237ff5b779f23a5883e857962418d9367005c340596edb7e7c6e1f2504295f3234aa5e8e824082fc5c12e8964c3ad7146a7dc78a44a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2ebbbb9f0f840057ccca701d3f86e64

SHA1
e6bace2528f55104e1490b025d436eccb9927f9c

SHA256
8e3f1d68c4a716ae2a38ce546f24fff021d7bc1cdcfbe12a9200cb410850a978

SHA512
2892ab4c8a6745bd2eae930c500657145cb8c7254e0d9c1314d376c37a6909fd50badfa2dc03b91014b75807ca39eddb544607d9596c778b199afdc0fc73e834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6d8f3879d9228edfa2ba6ff017057deb

SHA1
c137e41430f8f1b322b4f71b122d032c6b6d7ab5

SHA256
d577022b5bb428e798cf8fa4fba9fd9cbc28311d90ffc002dbf9a567095a86c8

SHA512
3611d5a806e19c04d3bec0a5d22eaa4b709fabc7c2d76309385520679abee89942228d5f640b82f8e0218f7e5ff2f3cc3467918c1c4e768949541978943fb910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
11082f476b4d355de34e5dc49729c26e

SHA1
649397d4ac3f6e0ab4ca17583bf610bd0b34c91d

SHA256
8c3abf4d0f5f2a947c0dc778446d77f928c615f743d481946a2cc61538f7654b

SHA512
1c68ac5ee70f042b3a00cc7ed57efb47c6ed74924a066eb923e9fc10650f2c5c6ed1bcdfe003226c68072b315537856d23e1206da87d510fd62cbff8dcbeedae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
98e655a196ef165a0a63e0492d81ba53

SHA1
31f0216f189244d6a7a7f13b1afd5ce99e2047c9

SHA256
3e05e13f05ee11bde1d8dce6852a35e5c29714fd373afaf49502c5a90e4f9302

SHA512
33929198521c8856dc0755d0c9a98b665a5d87c7f450b84339d657467ceb45b87f0dbb480f3cf97be0604f6fb6dcfa67d57de0714100d266eb50d4ac176d8eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
82B

MD5
9c12ec41b948e46a5108b7dbfaf1d16c

SHA1
860c5126809bae1950aa06800c5c1bcdf05f6c53

SHA256
34291f16a0ca09f3129132c388fbf0d909778432ae92059c6d85f77a622dc004

SHA512
a93099ce7e7896b91fe111c44df3beece4828d40705f08f403c63502cf778822f276a3d40f01bee3433b8b1de32cfeef9c8b445bfcfaf56befae6b3ec43f463c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe63e034.TMP

Filesize
146B

MD5
b4c952d496b7a0d3d7e55e0c505bd0e0

SHA1
0d3df96a310ac99f232e90324b6bff48cf22d049

SHA256
d42137e97f1a121cc7b5d1f6dba9e3e710441ba9a856ac2275fd572fc1283fba

SHA512
d82d3030b4b9eeb3cfb66ce1d0025e93c8af4b58833f36b789e8ca42831f07a84e1d765435551126fb491550606b2f3cf93eea82782626ce936897c0f96c58af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
4922dcfb418ab98fc87fea2b8eb550d3

SHA1
2de31489a01344fca13432dac92f7a6f77beed6c

SHA256
97e009b7c939624d8cf22614380b0cd33c30e6a0c016a0161890ae52b04d7f68

SHA512
d6e17870b98a0ed8800c8e3a2228bbb9c668601005b4e6d829aa56745cea8dd8e0d158e28d86365b510a2f61000a4ba2ab6e99482e69450aedb78ff818016ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
1f663a9e1d3e0493e16fc619f7538073

SHA1
b1e8e86baa7b7568a99a2cad748b11b444bfd6dc

SHA256
0d961fe273adee0f7dff25967225c7168b5805e5b4e69a34ba7cb5ee09369c0d

SHA512
4c29a7538128dfa0396dee1674d782dbac51a957991f23ef286ff1859a90a02ea0057479caa5490b5faec2ff64aa4cfe31ed8caae22befde5772eb616f19017b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
27cea231da6c767d2990d367ca3182a0

SHA1
fafdcf797ca18bf9d10226200150a294a8d85866

SHA256
8c034559d62044ac60dc3009a731c6a88aff661372ee2f65c88169aee254dca7

SHA512
aee45c76e36f95f452ff835785ec10448c76e869f5e172883f732425adec1b26b5c2ce6bc86c1aa0dc112d2588ae8e6f3f0f788f987f7af7a21095595e98a786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0beefe92d2e02d4479a02f0ccbe09e65

SHA1
7fde4674a9a7d5c42695f9aee5e268f79099fd68

SHA256
b439a24c1275a656fa62db7bd4f85226cd3ad9240e77db5a1c82dd6d05d4c7b3

SHA512
7868220ea59996e7b13ab179cc3f0532e694b8263c6ae2ff0593eda8d64912b9c0bb403d1328f0e53a9fdd1b8d1267558f9f0f67ac579f507ace67ad313e8631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eb70c4985fa3559995986348c366d9fa

SHA1
c83b6fa175a720f85cd09c689a24e36ddde677e2

SHA256
4b1dd63d4a5eced3d743d4392aeb0acbfa654189c64299833133f12b4ced212c

SHA512
d195aab392aea0ebe0ec7f589ba6f8a0c8d7db49ec5981a70fc6d6445867267544aabc06ae387433ce223d8b79bee41a007e0ebd48a310ff2e0c68b23bae7e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
31758dc398a5f41ba0d806253c98f725

SHA1
44cce209ec70480e470783242f1b2a0ae5c2970c

SHA256
d6c3d7ce257eac16c5aaa6bfb9d5f87827b450c1389c941d5740a33007713291

SHA512
424848091c75d9dead6942ed2b19d0da1f7787784eeb30058e46750d4062d03cac7efb7ffdaa649fd91bb1c7ba9757a6820cf0275a2bde263bf9703f1cf8b66e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
101c95225a871aae52351415f821c9b9

SHA1
6cccbdaf18a8e5fc2fa8bc6f5e2c19ca0f7166b9

SHA256
6f633cb22d763eee07554cf0427d580328b043c7ac12abaaa942f1b41431208c

SHA512
3324326d913e587e9a1c4da4adb40ceb38411cf79048f7ed560d982f284193b6f37d074416f199fad8014ce2ed09487f90a611573ac81be62e6ec0e48624bb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1058560e0731860814024dad76901629

SHA1
f4e7746940e44f474b471f57a4d1984b368dc7e8

SHA256
52cbd6c6ff4608ead341297b2b6dab82be1a86adce2c73c32a07ab9455514b02

SHA512
8c68c22ce69fc01fb74e5d95b8c4731d633ba026960d292f4884b77499cd100e5d1611706b1f5f20440b28e5f6b890c0644a222b3bae77167bc8ab3b638f0677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a7ec0826302795149014f171d37aa53e

SHA1
009be80d06de44880848a0512093a9529850edbc

SHA256
13daff689253e441674c4a2f44175dd668341c5cef20196a869aed4d4df82434

SHA512
ce2ac78727f3b82d9faf556db2cd8db8f7bfcdc8037d1fd2e620fe45e7ec6d3b6e4611d2f41851a0ee8ede1301bd55bff8d1cdd31ada45e894e5cc920004bb58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92cde8f3065578c24771046517499e16

SHA1
fcfdc55083b26e704a53c03d706d7edd11e42b1c

SHA256
9b9622cef30c9b0fe763afaf78e3ec507360bd7e47ab03059effeb7e01b0c593

SHA512
0cee100d017a350fa26a998268755927faf99684dde70013b59281dbb9c1fd70419f49700bfcc0228602636e00b4fbdd504d06a07448e1aa88c417405ec682fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60671a73fa9fb2836ef4a49ad2dea68d

SHA1
edd61681186bfb8c97d52865dffd7dce25f5bfcb

SHA256
b5aa40c24a07bdb139da11d219fe7f5b9ec9e8408a9513bfc2e2b14b2b512355

SHA512
682763fa7ae39f89bf714df733311d5d7b478d136ed472440e6a387e97310268d9d130160f1462e5656666367e9e3188b72b2d098f72feb1f90806633c5797a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
feabcb42bfe4960cce51f428076489e5

SHA1
cd66f032b897a53b4dc0c28b3fd774f4b661fc07

SHA256
2ea0b38427c6c2f313bf264ed0ff241df31754c41c3301e5166225e97010dee1

SHA512
d25840582434ecc2e39f822ad3fe8701f2a6ac6ed984ebe248f10e3449026c81f8ef2d38844445c7f3246b8181e72d9b2b5a4969b323ef3f7b12eba772de1660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0fc8f091ddd0650d7b4ea6c14d323f3

SHA1
270c47b21078e4c6c29291d8bf21ed227460706a

SHA256
6fd3b31aa8cde1a38388d433763b70c63f40ffed65ba12c6c8c6ebc02d1084d7

SHA512
46913ca80d00eb7a571b68fad1825d3a20bfa8f0e392105254835df7a9c7b928a4bdd0d824fc4570f92de411512da722d13b01bd0f1efae524445bc2f1a4d031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1a194352d6f8f30c0abe027e25ebf44

SHA1
5f49a3944935f20d31e8c39d522b209399e0853a

SHA256
aac159ac88d422e4f86ea5fd6a19ebaa8e87f64b914e1c8ff370b2c8a517d22b

SHA512
c7eef996e855573c038b7e414581b8348c593c7b6b7df9b4f0dfa45582d8b2d42c124e7b73ad6f998241d763eba951ed69d2e8650faa7369709e25c866dd8b13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d92a69b409ad7d9d0c73dbedaad3d31

SHA1
8d4e34898d8e7cddc37ff583fae79f38cb91d5cb

SHA256
5208c0fa06969c7a686c476677c350f8e0bb5f2c28a6a85b7639435583c1da7f

SHA512
21254d55f739977bc95b587d23c6e0741b419a2a9a6c5285e9260d445fbf43a24604029efb36b79172591ba82c31ff999942fc90539a36ccc0a87a0ea4579fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
bf59fa41231c58b6f07a66d7c3d98f25

SHA1
27181e05d83712705325721b522d132b0156a7ce

SHA256
bb30a296bd0ac939859bbc513434c4e103fb232039628409ebf7d44ed1987328

SHA512
0a6050844e0284a4845d1ea2a7b221ba44fcfcb3b95597eecd951b0194f81e9bc5630f5ed2f5003fcdda1f9e8d907fe7b3dad5dafd49363674a89b78cd7d2ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d85a8d7b417c5c131ddfc352a77364cc

SHA1
e0a5a0779904ff216107a1a86c72a7607af740f9

SHA256
877f956b76624cb67cedc9d2e0ce6abd29898018c0fab77c17d16b37e324ab3e

SHA512
b543d300e937f4d48d000cdec459f8ccf5ff503ac71813daee26c6218e4956280de597a4eccf1a908283edaf57b20819e0c5460505c031991535ef4a7d7cdc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
9d11d4dec9ecb83a359f8758178729bf

SHA1
ae1ada141c49bb28079d6807dc7107beca022773

SHA256
f31478b9927c4c92b021f975818f697250da69a9d88f230407cbad0d3cfb4a39

SHA512
853a13573a01161f54ca7ac0d015a5af1fe052115105c83fd866da15965c1767551ad4d61847f0b261c12aff31422c6ae93e37932db14e94bd1092f1cfac5142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583822.TMP

Filesize
538B

MD5
c8397e3df68654a2389d0642f060dff1

SHA1
bcb2e01432941da89116e00bbfdcbdff70f4a9fc

SHA256
445d6a2eaebe8c6dba58790776411abb5c87b8c7abaf9d0e79964056647bc812

SHA512
b7bde10a9d15f28224c20b04faf33c370ca6486a2530acec1e989a394d666764ff4a351409e82f9e4f5782441e79076b30c692e1c2bd96d68704b2a5984b3dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
c307fd203e6db739c07a046efb70b79a

SHA1
9dab6a6d1138e487801a04bcd606bbdf66a495a3

SHA256
aef926903ed1a8aaa6172386336b0dc6192b3c874c01025fe91e59da55b8f5c0

SHA512
ab5346eaee6a0e9b74d5da9fe53a3a852b652a7f2c8b6508084cd6a33ed59402adbd8c01c32caa4f1924fde7b99b28833e7c7343a2b547b16a58f1bbb3c893d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
2a80003905dc2a961e4330d06b544819

SHA1
32f497a790f2e762807cf39f47525e73f7ffd6f5

SHA256
96bb11a5ba8cabe74ae15f21542ff79b8f0b17a99479482625971dcc46f60dc2

SHA512
49a9ba2ddd66f47d11a385cfa5f80b8ae3ce3713ee8cb0b98916c3c738f906e3e9a242f9484530368f8bca37580e99ef0f36cc64471f2f8246707b7ae50dd156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ad7f5cc1914d9d2916bf23aceca94e12

SHA1
a1ca0505d081131808a482e98fa97667391918fa

SHA256
eedd442c7884b4994479f21b677a8efafdaf86ce8ee58bcd8bd3bf63452f8a93

SHA512
77a8ec9c403e82fa4003fe93275f6576b0d6b6ec12d3b1bfe89df3d749f6750a181f51afe9582190a17d4420c8d0571b18893c239ededec2c033712cf7bb0407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ffa96a29bdfaac2b858ca0a23769227f

SHA1
d2aeafc3e8b3c83b82a066b257765f57fc502a1b

SHA256
92b8cd35e00037dcb2955c78084fa56115c6ad1c00728b0f5820bc4586a57a97

SHA512
3b4850df956b1710aeac5b1f1125ee9170532c6dbcae8645623cf055d53509c463b3da68f61fec2d832c6424641f91db6267950396e51490fb32f49dd683678a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini

Filesize
84B

MD5
262c36584cbc904f4767adb9aaf0e16d

SHA1
89410d12ad3233b3060b550603e0ce47c1bfe902

SHA256
51bf6832d30b2f61b7f05f878b83fb0aabcffee6e75d1855d3e817612fd1653d

SHA512
230e14830855534383faab17c79e67cefd014454ef13524c187fd26488f3c65b480bb4eb80baf6d753f1513574ae7ef8207424664be52341384e1c8bf105fe91

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini

Filesize
84B

MD5
9dad1599df100ee26b82406066107117

SHA1
06d2e4d207c7a65023a3944a70e1721355a0074c

SHA256
34550ffd20afdb3311d33d39a8804005c28375327855b88ca617ffab18676fb5

SHA512
5407a2a4a41c2636b3e5130ee19988d87edce3182dcca34daecc0d949d5d1eed2bcfdd95fdb40a1c2a1d13cd4ccc59b3e81ee037b5c2fa59c92cc1ccf64b17a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{D239321F-344F-4BBF-87A5-4AD65868CC2D}.session

Filesize
4KB

MD5
c008e25c373047ed0b99c83f8d95c7bf

SHA1
04b77d7236b8171b2d750d0127ccacb3633a513c

SHA256
abae05f3456d0e3a449a98b29041fc83f849f00ab680371d3e87fab6d39af563

SHA512
9bec531112c274597abc7953169f7ec5e0c7b53a11b0716cb23f75c5e89314143e86c04a6edcdd17091c49274869ec254241e0ad4b349884d39ce918f367cbaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp428F.tmp\LangDLL.dll

Filesize
7KB

MD5
9888fb6b91a680305b2a3e7b71d6561d

SHA1
4a7935da38f88e9f74f425078ee39eb6269c4e63

SHA256
81726604d47b192620bcf90d6e42ba8ee8b4c54935b0081655e08247d6b6c675

SHA512
f50755e5624bfc3a60a23a7dda012509c1e31d9772d6a0ccaca88e32ae8d4602e10e38003d78b1626464502db7ea7c47d772efb7b3ea7c3e2238bf3b9809f833

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp428F.tmp\System.dll

Filesize
24KB

MD5
d997606c77e880be2744c44128843d60

SHA1
92bb9003dc14ae03963f503e82a668877ca4295f

SHA256
abb2613ff851b2cbfb61bf97e4eef9d4912abcb46e04774ad84812ab75d4dde9

SHA512
714d7ce786e9fbb6f0d0e537a146a3a24aa79089669dd168b7c110dfba667fa7afb794b3dd2b93fa76e1d1771af3347a0f568cbb0fbcc8d9755de9e6e54382b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp428F.tmp\nsDialogs.dll

Filesize
13KB

MD5
bd0d7a73d0fc619e280372587e9e3115

SHA1
0cde473dda5d4fda8190e6460f3229cae2571af5

SHA256
c7f2afe3a2424e71563e69d862dc027d299d84fba4ac1ba11e593361daec0a80

SHA512
914983bfa336f9ea019bf5dc9ee403af56a6c7c1d88b8092609e4026a3377daa6ef9a8e51a93537f6769ae165c264763645a363fb6a89f8689f59caf985c18b2

Download Submit
C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi

Filesize
1010KB

MD5
27bc9540828c59e1ca1997cf04f6c467

SHA1
bfa6d1ce9d4df8beba2bedf59f86a698de0215f3

SHA256
05c18698c3dc3b2709afd3355ad5b91a60b2121a52e5fcc474e4e47fb8e95e2a

SHA512
a3ae822116cddb52d859de7ffc958541bb47c355a835c5129aade9cc0e5fba3ff25387061deb5b55b5694a535f09fe8669485282eb6e7c818cc7092eb3392848

Download Submit
C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\decoder.dll

Filesize
126KB

MD5
3531cf7755b16d38d5e9e3c43280e7d2

SHA1
19981b17ae35b6e9a0007551e69d3e50aa1afffe

SHA256
76133e832c15aa5cbc49fb3ba09e0b8dd467c307688be2c9e85e79d3bf62c089

SHA512
7b053ba2cf92ef2431b98b2a06bd56340dad94de36d11e326a80cd61b9acb378ac644ac407cf970f4ef8333b8d3fb4ff40b18bb41ec5aee49d79a6a2adcf28fd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-store-menus\data.safe.tmp

Filesize
245B

MD5
4739996064bc69a04af122214e11dc8e

SHA1
862b1f36b4d700a5d9d5caf12099f0a28f697cd7

SHA256
10d1811fbfa9bab315b60f991ca0370d3e250ff0d5f2a9e83f8f838ec14ad120

SHA512
d3aef729c70e0f7ce3ca83f88b1f70f4c0e5cf1be154cf37f12174ddd50a92a8b7e65b8cca3af81f5d4a238c91c83ef20c9ad0eb041dc2f8ff2dbbffc3501e52

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
16KB

MD5
82c612132880067a81d51c3d2aedf991

SHA1
0cbdc5c25da006678fec2f3a00e235b40f2df47f

SHA256
77e0e66bafdc8087151f9b4cc540e17e57562284a55b75b7d278c847fc61fbd0

SHA512
92a369d893313ea4641bacd6d9d4015ff210a5ccafdf2a716418d3795126a8b8b52068ff6b9a1274c83e16f1ce15271dde8abaef4363ed1fce34e08926c65ea4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
a9ca590df257ef5dfe1116d0fbf1eae0

SHA1
b4f73e1e3992ffe6e39fd5c0e666a495e76a1e52

SHA256
7ee936056c6fa1cbccb675b28f89c4779d7357924aaa993c3ccc8085642ef5bb

SHA512
09eebf2e2394dce7dce6d722ff14822c686b95de8fff7ab15a176b87e2549187bc42efe6ecb1a36ed6cfefd7d201532ecdca9a6a3b6601318b45eb15f618337f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
8ea457f8b1c7eead2f711fb1481c0b61

SHA1
e71e250f90a676f368e5e39946247272b9bfdd16

SHA256
fb3931bb403d7237a5b37d97fccf3a2b38346ba36993227f1d3f98927547e1de

SHA512
e8708962e0765260cfe118fb7d74d4da3dabbc4dafc1048014f1efbccf151c854a6bce824c6889fa837a728e5d171c9de4a4269115096e4d8c8fba1b2e789f3e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
5b4342b85a1395159e4c3835bc739b43

SHA1
368637a23e37c6c4f78dfb588a846c90b2db40fa

SHA256
f2301d71eca57d44731ed041295b411fbc9d2908545948440487edec394c9122

SHA512
e6dd5e76257ba55a4d5116681ee822206c70ecc1217d41d3aec7428ca5988fb5409276b342c241d49ed1a7ccd57c81e38c528173fa99580bae662cf7944e052b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
22ec2f9279c2eef0974040e3791f939a

SHA1
ca75939b0d8876c9fdf90256fe932114275c680b

SHA256
7bacd82a73c457a84e15f452333e38c8778696dd1d46d30ec2dec46f93679647

SHA512
87f75d36f3bc31d51eba3d494629164422237102f21296ae8431d5a77f9fe961699ee18e12a12c8e0c77be47c55708c93195bf161fbcc3369e32fff30eb52b33

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
865B

MD5
2e75a563c15576fd52aa03d26643b7b2

SHA1
813067427fbe43915fdb6fd44e2f94d29e3657ef

SHA256
a38a6ad1e2a2730446a9c10ed60efa1970a71c7e9366cd0fb944b99ade1563b5

SHA512
531c3874a0ed473b0847008ef1a5bdd1137bb97f553fa1ffc1bdb11c01c27e4f4c46a520d8afee9742a4c3baf3d8e2f4375fd1b587ff053d061f0f21764f5e27

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
4KB

MD5
911a3fac65c3212c401768ab45da0b0b

SHA1
f27c246d9ccd67542e1d67e37ddfd5171beda465

SHA256
2fd18595e2a3e9c18469d93c2549efbcdae16703143a890c344786e8bf4cffd4

SHA512
8a6d9029aced99d0d3effd4168ff8c970bbe87cd2fa37910b6d3a60d5cc26ed1966ea4890ba491fa74b77264915e99d52aa6ef99b087f0bf97035842976ab8d1

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++60188f32-bb61-4c00-84cd-c4aae2aeaa42^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

Filesize
48KB

MD5
cb8b09ed8932c50b87920f303b250681

SHA1
a95aa38c78993d938ed33fa00715ed0b2dd3cd81

SHA256
79dd7bd024d85113855624867492320d838a6c77b334342791415ff3323886cf

SHA512
5505f2c74a0c86453b4aa07ebb47730d3c1a3ae96c7768acafe5cd768575981f8ecb0b86d8a69e65da7d8180562278d5f506fe9ecedf91ea335f17f595d4d1a4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
152KB

MD5
09ca13fd1aef41a24e76b1ff46fc30e5

SHA1
c5f038df6b3142dc56f199a8b492722f3c58796e

SHA256
7e498066038d5f2599d44323e9d136975fc41ccd9df81a5cb416b061f943dc7d

SHA512
4a363ca8bcee4f0048c3396f8714577360db44715dd865d351c5b5dbd3af218dba92317be77ebb96791bf695ce1158ccf2a0b204bdec6db9e28921832e07d093

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
80KB

MD5
ef6fef1fff71cd55673e143ad9b119e0

SHA1
c9f36534264527d2a0e71fc010fc01af52ce661f

SHA256
4dda701ba4e2617006ab29270f5fff1e3ad9256b52944e6338b00a841544b8ee

SHA512
d235199b25f43126a894f4c9ede1161ebba779f9e36c88df416671dd888e0c97d202777b5852c85404914349962cd6475f4390fe3176862b6b4e214108c6696c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-descriptors.new

Filesize
14KB

MD5
bf279a82199d9fceaff04b99f01abb16

SHA1
d666577372f806d05ec7849638b9831822dc126c

SHA256
33ab81058ca1991f64658f75b4d1637069b961632b7684e511225c5ade2f5c37

SHA512
193d4950b990eb686de45e3681c4bef75445e20ee6c30e121262274e3a37fb55241cdd3983f01bc7a69071601c11026dff5ca05e1828291395d725fd9209f56d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus

Filesize
2.7MB

MD5
1d3c5900a9df693dcfd8f83252fb1ab4

SHA1
6866de74353bdfc4f63e1e115875307c5ce56f73

SHA256
57962a4eceb50922f25af693a866cb0d50e94b84cf77d1a8ce3c3faa9d415528

SHA512
362efd6a04aabcf2071c310d6d937d58b7d5c26dd8faa0ea53b7b641e358e914d467b209cbb45b9ea08360ac8452eac7684269c14aa3630b85a028492c2ea59d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
7.2MB

MD5
0a85f4b654ab7e30219e65c432266828

SHA1
18f025d40132756c829adbc5c6b2615a4dfbebbe

SHA256
65eb06e2c685886ef868671491fe930696a97607369a520b0e2de844dd5ccad0

SHA512
8beda7c80b0b11b57dbb1a203a2bb4c94d43bd454ef07ddc8d8b3b0864cca48528a1d3f4dc422b0437d13ed952387ce20b95dbc660b529c5be7587fc30b83a84

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
25.8MB

MD5
387191fe8d38a9f7d1b2a0c5d305e7fd

SHA1
5149e768fc041c419b0fb2f9e6ab301062d39329

SHA256
c987e44a3c0449d469315d3fc9044760cbfad170c48e4f06e012e7949e6beab0

SHA512
fadce6b56e5e4e03511e4a9c95015a9220b458e4ab98e03937165529d2b054b41844ffd856ba57413a22e2bfea69c5ea9a489993260589654d3ca38cfddb0199

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
55B

MD5
a515bc619743c790d426780ed4810105

SHA1
355dab227f0291b2c7f1945478eec7a4248578a0

SHA256
612e53338b53449be39f2e9086e15edc7bb3e7aa56c9d65a9d53b9eb3c3cc77d

SHA512
48ecd83a5eb1557dfabfaf588057e86fb4b7610f6ece119d6d89a38369d1c9426027520ce5b6d1cc79a4783b9f39ac58afb360cc76e05bbe8bbbd5128c5d395b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
937KB

MD5
f48958ce295af595f261850e33793617

SHA1
cf13f6800b5fc4217a5cc1d0b1450c1c753b2098

SHA256
460aaa6484bf8422415dfe08260e8536866e3731ed5b8b7913cf4b7b1333493a

SHA512
7a9de625cc9b7d6ffedbad19201558b191d1e32686c7f4417571b25838c47dcf8e16ca63772c94827a3abd6b646c8216962deeede6ba713180e0dc3bc7871649

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
f3a5e136e846c3fb57569a13db724953

SHA1
7283efc6c6b152d939814f9b5e45976b03ec5b7e

SHA256
9291ac920f4e61836b2443b4db0f9c139a2c5e0eaa875af013f9da15057f8d20

SHA512
ad3369f2115d319785935478f5ebe06a06f618e65272a13cd13b29bd4c97774738ce35c203ee227fe67cf3668df436b3d97d8d2ad8838b8fa6d74a3c34ad6bf2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
979KB

MD5
52aa3560dcf7c2de31ea95f583bf5f77

SHA1
fa4bac6187f7ebf791176b3cf7ea2a97a7f63089

SHA256
a8968448c0cd95f5995af8b9cbb6172241418abf6c28f86b5878154096833ff0

SHA512
1fd8201299b7980e6d94ee985590eb7489eb57a44db502af9ab2a2a44a8d7a95a0231076dff903c0c32077deabde7294e24d435b49d5bf2bd6651333184497ad

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\gkcodecs.dll

Filesize
10.0MB

MD5
53d2d077680c6e0eff2626f3218b1c2a

SHA1
95478e4550e62e3900064eb25f1acafd1d193c67

SHA256
250c2964f1b4e155caa7bccd7e1ea2e1b28643fbbe452879f153bca6c3a26673

SHA512
85cb19e27f3d36af9241ba756449e43bfd4c18dfd590c8843c06a71ffec4b5d774df183cba50aee9ec4a171965fcac2f7e14ea5745f66b50b6d5f1ed4dc5074f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
493KB

MD5
34e22e8a40e522b294d1cc276b4a5cbc

SHA1
19b96b0b4fbd569b98c3d6c3e2100b5f594ebbc5

SHA256
c22de5319e4e6406b27af6d7cce9a4b3c7cf9fac9cb901cd1642c7382afb4a9e

SHA512
ac58703725282f17223f02537c6ba58177a9ca26c35d018e6d2f24d332518592f00e899c346954719294b6db6622ad13887e1526c1c220bed907b3403e230501

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
3cc68d7fff64c2355ff241e133b1787c

SHA1
7fb00e634e7b8ddd10a787f44884256da5da9cfa

SHA256
5cf6ac9bc6c86a09aed73eb2356213669c521a0a36dc477ca1a539a76c2df84d

SHA512
7e7a9ba0b3c627d0bb056d0dd96fc53cfd159b133ed3e0f00dae7b61e993823880608b86546a0c05228ca96fc1564191ebcbc021658fa30b9488a8a334faf45a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.6MB

MD5
64487e234be7ab3659bb38c6032f3f23

SHA1
b4357fa7f97df8095ac7c0529d53229195ecfac5

SHA256
18e2231b61291f496216dfcd413b1c16ae2b922e5ac48316912152b3a911f9dd

SHA512
e87894e358f556c8b8dd0d13beaa96b3a0b81e280e1bb6ddbd145d0886b41bdccc89394fb9bb62175b91aa577a98b440d66d59ef58e6cb6ef4f35d771e5b3dd4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
480KB

MD5
69cf761a0b4df61db6f0f60bbe5036ee

SHA1
10a0fcfd053793e20eb41ff8f9d488df18a0624c

SHA256
0947317da454406436cb8a08018eedff0bea24658e28e90bfd25edea98e75eef

SHA512
cb1464e2ca0f01c5aa48550072901e7f5eabaa132b052cdcc1904f0ac3745a427941a4c3ec07acf3ebd783e2b8c18db7ea56c33282642ea099a3fb3ab5d62c00

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
18.5MB

MD5
0cbce5fc1270fd480249726803237f2d

SHA1
410cc9e8b3209d4aa0713e66128ef9f8c0bf9177

SHA256
77152dab3ec8179337f7cf0a7dddf36f794978ff258eb18984f8c3dde808806c

SHA512
e33e61848be753cf41d7ef26444c31b5a8e5eef1d3aca0ea32d283f03f72c47687f2fa450e8916cee37dd8c3d376ff8778bb3409aa9e61293fd675bfddf61474

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
301KB

MD5
5355deee08cb6eeea561a5dadb352350

SHA1
9680ffebfe550a173cd0bdf55588874293522388

SHA256
dbbeaf73f2e4e028a79b5c25de6e7fc21e2ff7666dcae8941e3fb0ee6b0fedcd

SHA512
9931d389e783b262cbbe469f115ba6842f7d95db609fa351fcd5e15cb27daa279f1d6d9b534d1772ba675cc04ede608b2a5af679d58dd751a03b3cb917c914b2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

Filesize
829B

MD5
3373da6faace32281698fd5fe3d7832c

SHA1
f97b55991c65313df9806c5450ac6469296d2e70

SHA256
51dcd21c098fd1d08e72a990a56ab67f451ddef853e5f81f112a27af7d90af4e

SHA512
56577f9f5d72eb0de4dea8106cdd6f07bee67dcecfa8647fdc1f9ffefb5ea1249a4dca12abf82ad38b8c0451a4102b9208065d37f4d8bc3c1ab8c96a480247fc

Download Submit
C:\Users\Admin\Downloads\Winlocker.VB6.Blacksod.zip

Filesize
1.6MB

MD5
713f3673049a096ea23787a9bcb63329

SHA1
b6dad889f46dc19ae8a444b93b0a14248404c11d

SHA256
a62c54fefde2762426208c6e6c7f01ef2066fc837f94f5f36d11a36b3ecddd5f

SHA512
810bdf865a25bde85096e95c697ba7c1b79130b5e589c84ab93b21055b7341b5446d4e15905f7aa4cc242127d9ed1cf6f078b43fe452ad2e40695e5ab2bf8a18

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.2.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Installer\MSIE19.tmp

Filesize
180KB

MD5
d552dd4108b5665d306b4a8bd6083dde

SHA1
dae55ccba7adb6690b27fa9623eeeed7a57f8da1

SHA256
a0367875b68b1699d2647a748278ebce64d5be633598580977aa126a81cf57c5

SHA512
e5545a97014b5952e15bb321135f65c0e24414f8dd606fe454fd2d048d3f769b9318df7cfb2a6bf932eb2bf6d79811b93cb2008115deb0f0fa9db07f32a70969

Download Submit
C:\Windows\Installer\MSIE2A.tmp

Filesize
88KB

MD5
4083cb0f45a747d8e8ab0d3e060616f2

SHA1
dcec8efa7a15fa432af2ea0445c4b346fef2a4d6

SHA256
252b7423b01ff81aea6fe7b40de91abf49f515e9c0c7b95aa982756889f8ac1a

SHA512
26f8949cad02334f9942fda8509579303b81b11bc052a962c5c31a7c6c54a1c96957f30ee241c2206d496d2c519d750d7f6a12b52afdb282fa706f9fee385133

Download Submit
memory/2656-1184-0x00000188CA2E0000-0x00000188CA446000-memory.dmp

Filesize
1.4MB

Download
memory/2656-1055-0x00000188D6260000-0x00000188D6270000-memory.dmp

Filesize
64KB

Download
memory/2656-951-0x00000188CF440000-0x00000188CF450000-memory.dmp

Filesize
64KB

Download
memory/2796-960-0x00007FFD58720000-0x00007FFD58721000-memory.dmp

Filesize
4KB

Download
memory/2796-961-0x00007FFD58AB0000-0x00007FFD58AB1000-memory.dmp

Filesize
4KB

Download