ardamax | c0f7c3f593d8b31e0c6fac845ae5829c13e170c22bda05b1863dc6b7bb8801ba

Analysis

max time kernel
1199s
max time network
1212s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
04/12/2024, 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Obekräftade 231649.zip
Size

277.7MB
MD5

6319a740e05748ddf05a7a122fc42e66
SHA1

680db1ddc43500a991f4ef32563c275a69bb8c57
SHA256

c0f7c3f593d8b31e0c6fac845ae5829c13e170c22bda05b1863dc6b7bb8801ba
SHA512

03c5f14aa35b60ba8b82a0c8987d2ca773ad1064fab7b800160b2a72aa6a9b78674fbe29a97f7dc063d6b76c09c2a43e08ca2dd31a6dd947ed6d0592fa83be33
SSDEEP

6291456:7G5AfA8/dSjOnRcHFjajD9eEHJ1P0CmqDJLEzCRn/OZ5ed:7Pd/PRcH1g9eEYPwloCRn/OZ5ed

Score

10^/10

ardamax agilenet defense_evasion discovery evasion keylogger phishing stealer trojan upx

Malware Config

Signatures

Ardamax
A keylogger first seen in 2013.
keylogger stealer ardamax
Ardamax family
ardamax

Ardamax main executable 6 IoCs

resource	yara_rule
behavioral1/files/0x00010000000259c7-356.dat	family_ardamax
behavioral1/files/0x00050000000259ee-362.dat	family_ardamax
behavioral1/files/0x001d00000002aba0-367.dat	family_ardamax
behavioral1/files/0x00010000000259ce-357.dat	family_ardamax
behavioral1/files/0x001900000002aaad-370.dat	family_ardamax
behavioral1/files/0x001900000002ab6c-402.dat	family_ardamax

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 43 IoCs

pid	Process
5024	build.exe
4120	build.exe
2120	tor-browser-windows-x86_64-portable-14.0.3.exe
1364	firefox.exe
3508	firefox.exe
2192	firefox.exe
2640	firefox.exe
2444	firefox.exe
5016	tor.exe
5280	firefox.exe
5752	firefox.exe
4228	firefox.exe
5780	firefox.exe
5916	firefox.exe
2644	firefox.exe
5680	firefox.exe
5376	firefox.exe
5624	firefox.exe
4948	firefox.exe
5208	firefox.exe
1424	firefox.exe
6788	firefox.exe
6816	firefox.exe
6844	firefox.exe
6872	firefox.exe
6904	firefox.exe
7380	firefox.exe
7352	firefox.exe
7324	firefox.exe
8112	firefox.exe
8140	firefox.exe
8168	firefox.exe
6500	firefox.exe
6852	firefox.exe
7320	firefox.exe
7912	firefox.exe
8216	firefox.exe
8920	firefox.exe
7076	firefox.exe
8028	firefox.exe
6716	firefox.exe
6960	firefox.exe
8748	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
2120	setup.exe
2120	setup.exe
2120	setup.exe
2120	tor-browser-windows-x86_64-portable-14.0.3.exe
2120	tor-browser-windows-x86_64-portable-14.0.3.exe
2120	tor-browser-windows-x86_64-portable-14.0.3.exe
1364	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
2192	firefox.exe
2192	firefox.exe
2192	firefox.exe
2192	firefox.exe
2192	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
2444	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5752	firefox.exe
5752	firefox.exe
5752	firefox.exe
5752	firefox.exe
5752	firefox.exe
2444	firefox.exe
5752	firefox.exe
5752	firefox.exe
2444	firefox.exe
4228	firefox.exe
4228	firefox.exe
4228	firefox.exe
4228	firefox.exe
4228	firefox.exe
4228	firefox.exe
4228	firefox.exe
5280	firefox.exe
5280	firefox.exe
5780	firefox.exe
5780	firefox.exe
5780	firefox.exe
5780	firefox.exe
5780	firefox.exe
5916	firefox.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/1372-329-0x0000000000B20000-0x0000000000C4A000-memory.dmp	agile_net

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4804-1320-0x0000000000400000-0x0000000000494000-memory.dmp	upx
behavioral1/memory/4804-1323-0x0000000000400000-0x0000000000494000-memory.dmp	upx

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.3.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Agent Tesla.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31147621"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2103860317"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe

Modifies registry class 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\.ini	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\䗡쀀	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\ini_auto_file\shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\ini_auto_file\shell\edit\command\ = "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\Winword.exe\" /n \"%1\""	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4248760313-3670024077-2384670640-1000\{7AE2362B-A235-4559-935D-1937C444306F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\ini_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-14.0.3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\.ini\ = "ini_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\䗡쀀\ = "ini_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\ini_auto_file\shell\edit\ = "@C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Office16\\oregres.dll,-1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\ini_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\ini_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 285421.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.3.exe:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
3908	NOTEPAD.EXE
1308	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
976	Winword.exe
976	Winword.exe
3920	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
2376	msedge.exe
2376	msedge.exe
2744	identity_helper.exe
2744	identity_helper.exe
3544	msedge.exe
3544	msedge.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
2240	msedge.exe
2240	msedge.exe
672	msedge.exe
672	msedge.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
3488	identity_helper.exe
3488	identity_helper.exe
1372	Agent Tesla.exe
3004	msedge.exe
1372	Agent Tesla.exe
3004	msedge.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe
1372	Agent Tesla.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1308	OpenWith.exe
4484	OpenWith.exe
3920	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
1036	msedge.exe
1036	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeRestorePrivilege	3716	7zFM.exe
Token: 35	3716	7zFM.exe
Token: SeSecurityPrivilege	3716	7zFM.exe
Token: SeDebugPrivilege	1372	Agent Tesla.exe
Token: 33	1372	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1372	AUDIODG.EXE
Token: 33	3920	vlc.exe
Token: SeIncBasePriorityPrivilege	3920	vlc.exe
Token: SeDebugPrivilege	3508	firefox.exe
Token: SeDebugPrivilege	3508	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3716	7zFM.exe
3716	7zFM.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3920	vlc.exe
3920	vlc.exe
3920	vlc.exe
3920	vlc.exe
3920	vlc.exe
3920	vlc.exe
3920	vlc.exe
3920	vlc.exe
3920	vlc.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of SetWindowsHookEx 51 IoCs

pid	Process
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
2588	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
4484	OpenWith.exe
976	Winword.exe
976	Winword.exe
976	Winword.exe
976	Winword.exe
976	Winword.exe
976	Winword.exe
976	Winword.exe
976	Winword.exe
4952	OpenWith.exe
3920	vlc.exe
3920	vlc.exe
3920	vlc.exe
3920	vlc.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe
3508	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2376	2120	setup.exe	87
PID 2120 wrote to memory of 2376	2120	setup.exe	87
PID 2376 wrote to memory of 1568	2376	msedge.exe	88
PID 2376 wrote to memory of 1568	2376	msedge.exe	88
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 1708	2376	msedge.exe	89
PID 2376 wrote to memory of 5016	2376	msedge.exe	90
PID 2376 wrote to memory of 5016	2376	msedge.exe	90
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92
PID 2376 wrote to memory of 1044	2376	msedge.exe	92

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Obekräftade 231649.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Temp1_Ardamax_Keylogger_4.8.9ecfba.zip\Ardamax Keylogger 4.8\setup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ardamax_Keylogger_4.8.9ecfba.zip\Ardamax Keylogger 4.8\setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ardamax.com/keylogger/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc89413cb8,0x7ffc89413cc8,0x7ffc89413cd8
    3⤵
    PID:1568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
    3⤵
    PID:1708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    3⤵
    PID:1044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:1152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:3812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    3⤵
    PID:2008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
    3⤵
    PID:2028
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:4508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9497017231498507595,16547328850597344875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
    3⤵
    PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Ardamax_Keylogger_4.8.9ecfba.zip\Ardamax Keylogger 4.8\Serial.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3908

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Ardamax_Keylogger_4.8.9ecfba.zip\Ardamax Keylogger 4.8\Serial.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1308

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\Desktop\TL-TROJAN-master\TL.STEALER\STEALER.AgentTesla\Agent_Tesla.607cb9\Agent Tesla [Premium]\Agent Tesla.exe
"C:\Users\Admin\Desktop\TL-TROJAN-master\TL.STEALER\STEALER.AgentTesla\Agent_Tesla.607cb9\Agent Tesla [Premium]\Agent Tesla.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.agenttesla.com/login-register
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc89413cb8,0x7ffc89413cc8,0x7ffc89413cd8
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
    3⤵
    PID:2428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
    3⤵
    PID:440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:1644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
    3⤵
    PID:2200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
    3⤵
    PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
    3⤵
    PID:2292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
    3⤵
    PID:968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
    3⤵
    PID:3436
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
    3⤵
    PID:4896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
    3⤵
    PID:3000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    PID:2396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,10221264579225781106,1838771466320651193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
    3⤵
    PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.agenttesla.com/login-register
  2⤵
  PID:1432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0xfc,0x130,0x7ffc89413cb8,0x7ffc89413cc8,0x7ffc89413cd8
    3⤵
    PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.agenttesla.com/forgot-password
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xc0,0x12c,0x7ffc89413cb8,0x7ffc89413cc8,0x7ffc89413cd8
    3⤵
    PID:1040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,16676601898702838153,9273871761811586354,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
    3⤵
    PID:3132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,16676601898702838153,9273871761811586354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
    3⤵
    PID:3684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,16676601898702838153,9273871761811586354,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
    3⤵
    PID:3956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16676601898702838153,9273871761811586354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    3⤵
    PID:2184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16676601898702838153,9273871761811586354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:4812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4484
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_Agent_Tesla.607cb9.zip\Agent Tesla [Premium]\settings.ini"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ethicalhackingtutorials.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc89413cb8,0x7ffc89413cc8,0x7ffc89413cd8
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,14223112393990166097,15109433110740619444,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,14223112393990166097,15109433110740619444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,14223112393990166097,15109433110740619444,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14223112393990166097,15109433110740619444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14223112393990166097,15109433110740619444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14223112393990166097,15109433110740619444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14223112393990166097,15109433110740619444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,14223112393990166097,15109433110740619444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,14223112393990166097,15109433110740619444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1904,14223112393990166097,15109433110740619444,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Users\Admin\Desktop\TL-TROJAN-master\TL.STEALER\STEALER.Azorult\AZORult_Stealer_Full_Cracked.182d68\AZORult stealer\builder.exe
"C:\Users\Admin\Desktop\TL-TROJAN-master\TL.STEALER\STEALER.Azorult\AZORult_Stealer_Full_Cracked.182d68\AZORult stealer\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4804

C:\Users\Admin\Desktop\TL-TROJAN-master\TL.STEALER\STEALER.Azorult\AZORult_Stealer_Full_Cracked.182d68\AZORult stealer\build.exe
"C:\Users\Admin\Desktop\TL-TROJAN-master\TL.STEALER\STEALER.Azorult\AZORult_Stealer_Full_Cracked.182d68\AZORult stealer\build.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5024

C:\Users\Admin\Desktop\TL-TROJAN-master\TL.STEALER\STEALER.Azorult\AZORult_Stealer_Full_Cracked.182d68\AZORult stealer\build.exe
"C:\Users\Admin\Desktop\TL-TROJAN-master\TL.STEALER\STEALER.Azorult\AZORult_Stealer_Full_Cracked.182d68\AZORult stealer\build.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4120

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_D4rkDays_Malware_Package_v1.39d280.zip\Malware Package v1.0 Beta\trd.GIF
1⤵
- Modifies Internet Explorer settings
PID:3088

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_LimeUSB.eef654.zip\LimeUSB - Malware USB Spread\By NYAN CAT.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3920

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc89413cb8,0x7ffc89413cc8,0x7ffc89413cd8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7008 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:1972
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.3.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:2120
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1364
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:3508
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2508 -parentBuildID 20241125154204 -prefsHandle 2464 -prefMapHandle 2456 -prefsLen 21009 -prefMapSize 252047 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {72b65097-f014-449a-9584-551329534842} 3508 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2192
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=1928 -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 2976 -prefsLen 21821 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {9aed2f88-f8aa-493c-92db-e4cd09b82b5b} 3508 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2640
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:0e22581abef3e995604c8c2417ba9cb6074fc980599753f8cad2b9066d +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 3508 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:5016
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3272 -childID 2 -isForBrowser -prefsHandle 3248 -prefMapHandle 3244 -prefsLen 22589 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c4812eaa-00f0-42e3-8994-31fd523391ff} 3508 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2444
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3440 -childID 3 -isForBrowser -prefsHandle 3448 -prefMapHandle 3452 -prefsLen 22702 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {da79d609-eb03-4974-989e-f9d291565ddf} 3508 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5280
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3632 -parentBuildID 20241125154204 -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 23128 -prefMapSize 252047 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c9e5d351-2b89-45b6-bdea-7542291f8c6e} 3508 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5752
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4112 -parentBuildID 20241125154204 -sandboxingKind 0 -prefsHandle 3228 -prefMapHandle 3540 -prefsLen 25490 -prefMapSize 252047 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0764264c-dd6f-405e-bb4b-67e11762c3aa} 3508 utility
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        
        PID:4228
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=1876 -childID 4 -isForBrowser -prefsHandle 4312 -prefMapHandle 4308 -prefsLen 24349 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {196b67c2-2123-49b8-8a3d-b46cc67c33d8} 3508 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5780
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4396 -childID 5 -isForBrowser -prefsHandle 4456 -prefMapHandle 4408 -prefsLen 24349 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cae78618-026b-4939-8b07-f82302d04e9e} 3508 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5916
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4576 -childID 6 -isForBrowser -prefsHandle 1876 -prefMapHandle 1668 -prefsLen 24349 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ec4a077e-cced-4522-b6d6-bb13c2b42f8b} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:2644
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2100 -childID 7 -isForBrowser -prefsHandle 3296 -prefMapHandle 3284 -prefsLen 25971 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a0767893-b159-41e3-8b72-3a032c455a7c} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:5680
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2300 -childID 8 -isForBrowser -prefsHandle 3348 -prefMapHandle 3336 -prefsLen 24634 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8b5d7f67-3aeb-4890-95ec-b61e538ec28c} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:5376
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5160 -childID 9 -isForBrowser -prefsHandle 5152 -prefMapHandle 1472 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {90c9fd77-58fa-4dfc-b853-305def1a79f0} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:5624
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5560 -childID 10 -isForBrowser -prefsHandle 5432 -prefMapHandle 5552 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7d4c9101-e9e5-4bd8-bc16-927ea04ea8bf} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:4948
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=6788 -childID 11 -isForBrowser -prefsHandle 5844 -prefMapHandle 5840 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ab71e582-3275-4298-9f45-beab54a987d7} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:1424
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=7120 -childID 12 -isForBrowser -prefsHandle 7280 -prefMapHandle 7276 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b0f37311-6849-446c-8171-4b36e1113108} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:5208
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=7032 -childID 13 -isForBrowser -prefsHandle 7792 -prefMapHandle 7704 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {147265c6-eb4e-4139-9c1d-af078f1530fe} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:6788
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=7028 -childID 14 -isForBrowser -prefsHandle 8428 -prefMapHandle 8452 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cfd4aea1-d9de-4487-a366-5ff35a0dc142} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:6816
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=8468 -childID 15 -isForBrowser -prefsHandle 8348 -prefMapHandle 8340 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {90b46da4-2e20-4448-85e5-7214274df3af} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:6844
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=8476 -childID 16 -isForBrowser -prefsHandle 8328 -prefMapHandle 8332 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4bb10b54-3edf-4189-bf74-a6b93159fce8} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:6872
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=8484 -childID 17 -isForBrowser -prefsHandle 8304 -prefMapHandle 8300 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7789f062-2f08-49a7-bca1-c277be714b30} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:6904
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=9452 -childID 18 -isForBrowser -prefsHandle 10212 -prefMapHandle 8304 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cc076a39-cf11-45cc-b931-55a0d25979ff} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:7324
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=9440 -childID 19 -isForBrowser -prefsHandle 7316 -prefMapHandle 10236 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {70b0883e-23ca-4281-b915-55c4c0a1ad14} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:7352
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=9584 -childID 20 -isForBrowser -prefsHandle 7276 -prefMapHandle 9432 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {af44c73e-2bf5-4efd-98b1-a327e64b2218} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:7380
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=6420 -childID 21 -isForBrowser -prefsHandle 5988 -prefMapHandle 5492 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fc0fe274-f723-442d-ad11-e65b4b1c87b7} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:8112
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=6984 -childID 22 -isForBrowser -prefsHandle 6424 -prefMapHandle 5748 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4e952364-22ff-4be0-99ee-ec4447817c0c} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:8140
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=6776 -childID 23 -isForBrowser -prefsHandle 6956 -prefMapHandle 6988 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0df28101-1ef5-4627-b8e1-b5c050d8be55} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:8168
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=12452 -childID 24 -isForBrowser -prefsHandle 6232 -prefMapHandle 7488 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5657d217-c141-4e46-8714-843b891ade12} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:6500
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=13660 -childID 25 -isForBrowser -prefsHandle 13668 -prefMapHandle 13672 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3388ea61-828f-4ba2-b1aa-2b260cc98213} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:6852
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=14156 -childID 26 -isForBrowser -prefsHandle 14148 -prefMapHandle 14144 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {19228578-fd6d-4668-b0aa-c88b267ac9e4} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:7320
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=13380 -parentBuildID 20241125154204 -sandboxingKind 1 -prefsHandle 14316 -prefMapHandle 14324 -prefsLen 26060 -prefMapSize 252047 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8a2bc850-ee5d-4bea-a035-7bc713e7854e} 3508 utility
        5⤵
        Executes dropped EXE
        Checks processor information in registry
        
        PID:7912
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=10120 -childID 27 -isForBrowser -prefsHandle 11360 -prefMapHandle 9824 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c4ec55bc-331b-4d5a-85ca-403a1ef5ff3c} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:8216
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=9012 -childID 28 -isForBrowser -prefsHandle 13936 -prefMapHandle 7344 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {6ffc9aa6-a468-4776-bd13-06c8a628eba2} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:8920
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=536 -childID 29 -isForBrowser -prefsHandle 4732 -prefMapHandle 1820 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5ca6b557-23be-4596-a59b-05a4c7fb4fa4} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:7076
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=8336 -childID 30 -isForBrowser -prefsHandle 4304 -prefMapHandle 10804 -prefsLen 24723 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c389f213-7f76-49f1-9aad-3b84c631508e} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:8028
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=10732 -childID 31 -isForBrowser -prefsHandle 4128 -prefMapHandle 6268 -prefsLen 25071 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c86e1632-b26d-442d-b179-2168223747b2} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:6716
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5512 -childID 32 -isForBrowser -prefsHandle 5320 -prefMapHandle 5708 -prefsLen 25071 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fefa2161-2256-415d-8ecf-21c6aa2f81d8} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:6960
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=10504 -childID 33 -isForBrowser -prefsHandle 9816 -prefMapHandle 11524 -prefsLen 25071 -prefMapSize 252047 -jsInitHandle 1348 -jsInitLen 234780 -parentBuildID 20241125154204 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2adb1b2f-4abd-4f85-9136-738e783cca9e} 3508 tab
        5⤵
        Executes dropped EXE
        
        PID:8748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,3319260381204694044,7359418100600982274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6792 /prefetch:2
  2⤵
  PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C389FD106AACA95B265CC81A85B3522B_CF05D07E0A14517C71ACBA97497C0E4E

Filesize
1KB

MD5
4c9be3df8203bf204a05b101cb324840

SHA1
948d4b0c9ae2e54528a65d802e9fc341d67ce1b4

SHA256
b01f63544b4702a5a4b5f41cc0d616441e4cab4ada5621d886d63f58f6f84cdf

SHA512
b3fab5d1e985f283dce7573b2a316428f9a52117841cef4d46076ef17202287bbbfcb904cb901eb62ecb60e2fd7d4443c34e844c66efb709d2517888ee48ee70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
caef077d66c221893087d1ad349e5d62

SHA1
3ebe231961d42cab59d964e8e6d3dd6e4661f488

SHA256
efe74e079611353dd865f323bd3cda14dd9862c7a3b9099b1bc47012aabee255

SHA512
75797f3b950ee7c5aea5556b672f3271107e5a7e7fc96741d5fd0fd492eefa9ee355dab99d8e5a116a78a3dc94bab4b38179aff9aee45c15e5958ad7b8caa1f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C389FD106AACA95B265CC81A85B3522B_CF05D07E0A14517C71ACBA97497C0E4E

Filesize
568B

MD5
4038ab2cfa32b4dec36be3bf729cc926

SHA1
514714fc64ed2d181d423016e57c730059188356

SHA256
eab62bc87bdb5ee3185cc5da57296d62ad67298c946728234198f277a6bc9f1c

SHA512
8edae5f2fce7d7203e0ce5790cb667b60fd57a8d42a20ef3787ed2d3035e1ba7d5421a95157f17a9b5cd18f968a297fa25b9ccd10b309888e18cc8c0580adfc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
13795a7d892dbf72a2d21c48c58b9980

SHA1
8e72789c6a59f1f6524cfb8a5c888ed691ef511e

SHA256
6f1e455d26b870516a724eae7485619e20ba7c0e8ecf5bbd407d48ab715a25d1

SHA512
bd7d46d73e0f8352afb8cbde4e63d66eb7ff49f5414947ea8d58bd31e485e57abccb31bda7ba4c47997f60c547cf91f78771f23edf881d8785d9cd7c20c0cbc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\42b75fd0-7d99-4002-87b5-6a0b0a2f2407.tmp

Filesize
10KB

MD5
0e4ea65cd57f33e4a7f315c0f9d6d40e

SHA1
cbf52b4fdace4d241125796ef6fb2ea28fef9452

SHA256
f7c29cbf24d6e824ce811bfb76964093acd4321fae377844939307b1e8f0c340

SHA512
e8ed1a286b7cc9af6c0dbc06b5ff60fdfe1100edd040f39a405a1066fa51b42d3b7215cea0a5ea056a458967dd3b85ceb16ca9511a4272e78064333e7fae5762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdc6065dac662634d1932a8666ca3d70

SHA1
7d854ef1d7911137ba6f7053fb5710a8b1fe5b9f

SHA256
c0fac3d65a522db3a998dc1a3fea166bafe9a8d3e31ac1806cb0d5c8d439539e

SHA512
48c2fd5d1186983f04670c91768de855cbe418abf25503923bf8c7e13557b0821dcd389725f07395d8d202a8ca41b5f347e11c33dedd88f689144498c0368541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5eaa3ac5d3d9716cda236a136f99cbf5

SHA1
beceb22eee061cb12441e22710efca1e57c776b5

SHA256
34ce3bbe59af9db2c4d9eec4db806860d0b849e4bc118274c6d2de64ed9a7363

SHA512
cef387e26d0607b2b8cf57fcbc5c39a7ab0ad7e9046d778f9280a43318fc2637b80dd8f45d90d17c57c717837e28c8cd802abe800d37d702071aa2ed96a81862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
565e7be5b53995b87a79e73ef8c1aff7

SHA1
24a031468dc09856066dde3f2535d71307450376

SHA256
dfc65d88cae523febb31680b52b6ce6e56934a0866544178b6c8c3e6faec347b

SHA512
d1ab74099d09c3574ff4699865a0bf756d07f25aa81a0975daeaeb13c8e659a573e26825912be875a4fbb685167a3367ac749deb4e1b868f97f689c5b1bc8500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5090ebba3f531406008bba9ed25403e0

SHA1
de9cef6938e7b6bdd949006b569b1fa53e80a024

SHA256
6f46cb2707374adbc20d51d3de852a4e92f2a2787a9167b74b08a6dbd8c8b71c

SHA512
25bac3a3f91d071a969243a8fa411013bea535a486d9413c736f3d3f2730f568d17b61e655a35377b5ea168eaba94036cc7c8beba59e1bd5ef6f767eb279f7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d492ab0b17d00123f2ae1a3751636b2

SHA1
3afbf67b2d0314d8646d8b0d3d78cf70beaa9f91

SHA256
bc9fea00ddd77f0a99fc3998385521e2de0c1aa73bbd0fdb50daa35bc04337c6

SHA512
7bd89e4b1ec53d232ac64e50d157976494d167ff8d929a9010e92828d1414bbb25c9285b33211f61f478fc011e67c181b4177411fe56fa3f14780a5dcf9afde7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d4db60f-a78b-45b1-a736-4e9e4c8f75a0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
983d03dc6aef889af05802085ba33d59

SHA1
b91ef29ddf38a74f00e65a922266a780acd00d3a

SHA256
fbef5e89bc582b2da430e5360bebb49a9bf3c7896c72222c11879cf50f1af1a0

SHA512
2329cd16010281a56f749d822c9d18783d05b12eb544f854dd16fd869d6f3c1b544f37771e9d92b1295a0780c8df1dd3f2502b6a1a194d301b0b2ed73f2c1c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f6133028696f5379f6c49b6d4d05f98a

SHA1
f9d51c9e3596adc4fc6cb641e1b6e6066340b8ea

SHA256
e7e3b38ba04f934e47dc1f213c83d6eefffcf8705f227e23fdd788471e98f6d3

SHA512
76773170ae1e8ebadd1af2b3ed462365b6b1d8cf18a7a447537f4c0a69bcbe5cb2971f227b72ebebbf2bef1b5150c243024d8491c827017e726ac1e09f4c30cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
55875d19f981f95f63daa63d82711122

SHA1
eaa419627dee4a0f0ea53facb426ecde1cc5b1b6

SHA256
ba2ed4ed150112ae0e164ac0927b3790c63d3478c8d16f0844f68c95a37d4c16

SHA512
ba07b9506cc95b8b9855458760253f1b6d8f24c83542484c6b204500bb11b6facc31c78a8d53cd52aa434062db4a647d7db7986acd9a49973e7d3207acb3c25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
90909cb2edaeda66a7ea501de6918f0d

SHA1
27b46f7e1ecdc347a7f211f6a6baecab565da987

SHA256
6e69b0800f65a564b454330f2ba979afb1259998e81a86d8c0df3e9e949f50c1

SHA512
db30452f338874e62e50316edbeb7f3f39652015e1f0abbaf054b06d4fd130615383178c4dee207dec48751957f0749416cbaae8f46cd5ef2869b7fdda1ab927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
96077a25f5419814fe3dbd426298ea72

SHA1
57c7cf854030a28a01264e1dca4db02f634c7402

SHA256
3b903ff39f00e7b1a7675e4e7f4628dabc63b64936dc450b0c93a4399489bd3f

SHA512
282845c35dffa144c83517d9caf0fa5ecc5c2f02a728cb9728350fbff4c46e05e20071fb6d78812687b994576a9e33c53b2ceec5059b2843daa230df21a70f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
686f6927b968a1ff65ec832763e07ffb

SHA1
c08dc563345b250a8c07045352a0c3364b35df8c

SHA256
cc49235ffc845cbb2fca4ab9d61ca3f6c65b02fbd0a4fd4e7779cd0accb8dbcb

SHA512
4e482217e98a995171f2eed270940eb7492cae6cdc27de615e76d6ee40f08d54887dc3fde8b2f758d0e508ee129e2edc56f29e6d0c9fa899d717b3b07ec0977f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
34KB

MD5
1b6b124e5cf44c932379937077813f01

SHA1
859ec04879f328806378dfd4e2f63096ab9c2447

SHA256
c968c5a9a62f33701dd8eff5e2bbd844ae60157feb710a491e342ae0bc103150

SHA512
99d720277cbd911219b8a4b7ec4bb1473b2ec52fcbb0d0eb5381b4edab2acd4b1b74d60a515ce3aef364949a922721bbd002755db72bea8ec006e66902525b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
47KB

MD5
9f96d459817e54de2e5c9733a9bbb010

SHA1
afbadc759b65670865c10b31b34ca3c3e000cd31

SHA256
51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

SHA512
aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
25KB

MD5
e29b448723134a2db688bf1a3bf70b37

SHA1
3c8eba27ac947808101fa09bfe83723f2ab8d6b0

SHA256
349cc041df29f65fd7ffe2944a8872f66b62653bbfbd1f38ce8e6b7947f99a69

SHA512
4ce801111cb1144cfd903a94fb9630354bf91a5d46bbbe46e820c98949f57d96ec243b655f2edeb252a4ec6a80167be106d71a4b56b402be264c13cc208f3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
d54c631735ead19d1101c28c54078c74

SHA1
22aceb9713c261e18fb7156312e6c223c6216c30

SHA256
15e13403ecee247d61e17979cbb7d7c06d07cf91f0e10065243cc54a100111a4

SHA512
c5557fe5d765aa98693538faaf6f255863554bca064c0ae0042946c01f81f83c6505ebaa829f588b756ea8e93e0094fbccb4861227f176937fddbb815334a09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
aa55f0504fd6c5137898c81a2688f9be

SHA1
9d8c9ec29976b3f8bb6e67c427d4c9c5c0c398fd

SHA256
2df4e48f4dff50c0d0273db14fdedab619bd71b2dc69abb308f1a3ec16111a0d

SHA512
912ae11662c07f8703f417985cc8c822724e2f77e732542bb7b85ca68b0ba2ea163237e015a0b085c812085ac6d51d8d7a40adfb5f351b67d38313db9e990c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
85cad7ec89e63a522ee9331b199bd03e

SHA1
993515512531bd73f7d61c5800eae57f62d23a63

SHA256
91727c8e1acd11ada2254ba4b32873e1a301c9b50a908c140444faf50c529aff

SHA512
197eec71a4ab72f7aa1b8c6402cde6003f2be395269bb3c9b295cf50ece1421b68f370e97b6cf75a913c235406a1727991dba620e54b1979482cdf3039c5cab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3335267a3c4ac10c06a20c79e5badaa8

SHA1
64b8285a93d3885af84cb0acd21d9637314f0ba5

SHA256
86ebc03d7f74ae8c953cb8451bbdf35497cf1c3074665f5f7bb5873191288cdc

SHA512
6ea37caf0e4fb0bb02a1e6526b7a2ab400fdc1e6d06b3c02c10f7cc00364eda2eacd04e37fb7db8f8028b1fee9a5027fa438a43847b6faf8f5c7980084da94a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
a8d6ffe41b5bcb5cb3e9840a1dd47eaa

SHA1
7735570ec6a1f95988778bf3364c02ee136f12f2

SHA256
4edc32de1d503fef27c1ca338a8e3d99b244fa26cfcb9aaf1914147d7b07bb42

SHA512
6c5fa930030bcf1f288c4f081b7934eabdd51f9831d7904e31e986bff59b7627de1946cd5474e1dee9d6549467feea31775368c373f483495eadc742ce8979d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
6648ef1a5daa8e516987a59bf9938b0b

SHA1
19f5a42f5ba4da615d85ee1b023e0d4fda4e6874

SHA256
b8a369a8e7e8c21e179e9070a5c293b2981869e14c024f6025baf46d226e72d2

SHA512
8dc07f30f95d891d99017b7c436e739f5e8261cb8680bde30d0652fa5c9a8f61591e0cbf2bbf516a3f11aae21ae1c54410a49b75b078284b56ac15cf26c06892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
da24918ba6e3ca089700c50272d5e520

SHA1
cf325c79cabf25c53a6a76182f3041f687f2673c

SHA256
a4f2fb4d3df9a600b6a28b68e1c1502d3cdbe1aae0036d856c1b4c25c469b46c

SHA512
772f7c433156de31be5b3904333b4979f8dbe896b99ac22ffd03c47e786042a45ab472df6aaa92e4e6234606c2ec1302954befba181b4a9beca9632ce9b5dec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
ae86a6ef7d61dc39c851d80d92708d2c

SHA1
76ef53f82c87900d63458f12fc73eec8f86adfb7

SHA256
f22ef7df9a23a15e00a64387b8a1e5b25e59bd7b2204f950c6b36a49b8f27514

SHA512
f5d3bb838a4b4081c0edb5e18a68e456eedc1a8364b3c4c01013c2cab2cec987920ecc78a51d91af21f0c8affec7945bf37170d37efb73ea8979e6917976a7eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
931B

MD5
291a79554a2f9413ae5c10747a8dd416

SHA1
0cdc982cb2b3087c07b7e553e751a2d7f0e3efe1

SHA256
4d60888242acd8f77a43557bed75b46408e41951af4b465da898a089295b2888

SHA512
6f1973747281813bb03dc82e0cdd0b1a3b04358a0955908d2271ad13a513c3388611b48311f4a2f1786ddea547ec28325dfec8c6274c56a0778ca34b649ddcb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
8354bd0d19069e948b5aa8d32bb26632

SHA1
5c8be1271212ec7270ddf8cc91a2ebbc263405ca

SHA256
5461fcede30d75d3f9f07b82e66532b563fc0e64478ac865f8999dccf4370f77

SHA512
3769da210ad229bd9bace20471d3719df44ba982e0421075d7b7a01de957ce6e623c21ca795ae26fd3023834ad8dce890b0195ed99cae5535f60c41b4caa87d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
18a1b089d63231658ae24002a6bbcd7d

SHA1
a5a76b7faa0a378c24221d127aee408a73658f17

SHA256
2a00127a2c245d28dd892c499ad8487147547d75e327fac134ea75ea9f801072

SHA512
8ae3e32b7bf36cc256502de15b4ccb5ac019b4de076808b2e383d55fc0efd42b786b96be2becfadb1fee450b8895bd078d346b8932065ac72be19925fe4f83b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b2ebc2c644268057bdf0b85f940708a6

SHA1
0bf3379453867042dd8a75db8b3f5f651ca50182

SHA256
c1a3b3619de5166d57ef26a1bcde4e3741bb23a11f122cc2921b026c120d70dd

SHA512
06a2edc632f73986393ce2c44d9e33e6149aa7e7b75ad70e99627aa88d3f60cbbd620b868ba45e81a4d25299c0bfac0d8ed91346ba1136862d4c6bb1cc294d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1d992124b41ee170968698c41ca10cbf

SHA1
f0c7a584fa7171cdb87747bc3409a87a245567ae

SHA256
950611577a45739c84150651a2cc6807739ea6c0788518e2a2fe5990fc5a5fc3

SHA512
05e4fe351262710d60cf719dd5dfac0cbad650d3b1683fc4426fff85e1ef98fd00a4bd0791fd2cdbe8fcc773e6763cafcc09656f5d2c365af47d387e5bcf423f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8e53f538b17ca11ed3cbfce3075ad5a9

SHA1
0ea8a7111370f0e97db834cb5d1094b64b8b00a5

SHA256
6d1024cb06351f5838d36a0552d95d84e870d363e162d59095d35816e3173ce6

SHA512
335d102095ab61b866aac9d30a97226a366e5c77f95af653a0e6522a1b7c9eee6f2f36b30f6617b4ea9518cf2eb1150775f668ae5a71f0705f5833bb00b2e09e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2f9019ec8516c85fb1fa70c09e5a355f

SHA1
6845925c048fb8b6c0998e30a1290dfae254638e

SHA256
b37429a0f9db934317ee03b1c07df5acac6395c9920ac4184956e0deb6ec9b19

SHA512
5bcdb9bbc97e87e55672ee159ea98524879a75bc540e1801b4cc104bf5300e85aa9ab1bd816c5fa34a0175a2d54dd80e7a3bae4dc5a1b3234f02a0afdb3c9fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2cbebb647841c27f8ba09b17d4a5d7a5

SHA1
ac617909f0893df6a825648bea868340ab3a92d2

SHA256
e9c0b1046450e558ed2698827ccfb2f36bad13dd02b3fa9a6964acfa3ec42c81

SHA512
81aabfec4198704f653f5b5d1c3ec4f60f3e0e520d2c161ab68acdc4251f712166040bc9e655428ea3a5706d4a74a5370b1b3a2f372510735657c6fe5eda51b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d3e4db4e41f01878f3b59b7b9ac29254

SHA1
a04e835c57f8e78bdd76103813949ac7f9a7fb81

SHA256
789f606726cf1336b4209af85c32f697268c22a157d4ae15dfe8c24fc31c0cd3

SHA512
9ffa3040d63055deb5fe86fabc71345c1e64c5b2b7c15cb494222acc8d69b29d526f462a6b0cda11ca5ee3385aad9f63af3a781c6de8149a8e8c8d0817850c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
13a92541c008905b87e1f28cc35920b9

SHA1
67a8f11e2d7e7e53b6aa533d791b072023143095

SHA256
a0023024a106a4f9b568d490f02c435388778282e12a45d34ae1d2b7d2be30df

SHA512
beb70a55584b3c47a363181d9097d59492b1a66f79bd35b51817ac34495f1546908df998d80f5cf4c7cf985ab289a51ad529a045ba9445cc9d6732ca5982ff6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44871544e020f20f5a2d75cf2dbd8953

SHA1
5970520a4c3e34c0141f7f6c7291d79c3a597783

SHA256
5b7dca7a771ab834e305b16ae5b9113c904ae0c8c28757ae0cd5599eee3d3b04

SHA512
c624972d882db176b964fc4ad548281f10a7397c5a0dc5f1560b275e670a3abddb2c75141fc780913b9dc791edec5f3c6cff7796e46b51f209b2d4a30c5b9a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f56edf01746e86bf3a809216f32f86d7

SHA1
ead3477a00b49250df35cbed5d8bca672ca8a2dc

SHA256
86d89176ad36dff0efe3f850bb275676251758c5695a51fd6aec57cdb7da45fb

SHA512
b741c591f5fdad771c7225e1a481c78ed17933f98759d9ea84cbb252ef8b8d725a3aca690f5a296e2c406c9222d1b675dea8be603e1a78cce116aa764e25a0fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3257ab60464a9df8195610f1bd0266ea

SHA1
0a89032f49e6fb63231d108879162127cb8c4e0e

SHA256
433d9f025d49dc9daa69ee6616e89f4cbdfd2e5d1472fa708224c809bd6f73ce

SHA512
1c8deac6985a11649e92280cea36abc47fb546e069aa04cf5f3533410bce7e259fdc34e02d122d1febfa6f8a3ea714b2d46b6ed3fe26c09ed237c289565f0bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b73d92d12f1cf62a0a1f2a46372b9fb4

SHA1
d4af509b9b27a2fa51c7edb4961285c8a42c1a2a

SHA256
b81e4ef239899da5bd0ed5af3ce4dd3d3045233178485277fa7630143750069f

SHA512
9a6bfa3f7bd6abc36f2d33e71df4ecc509e5128af52ba92d7ba8eb608d9a30d400c39ba09b513058191f2feab120653289533ef6b043b350c7e6cadbb03d3796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1ba49fd43718f0ccce10e24679a52a43

SHA1
e0a67dd006edeac312d6c2e9d015b373454f32e8

SHA256
46782bcb1a1b959030b3c9d79009b5c1fd7432a97394b43b0c03a568e73fdbf4

SHA512
f524ede65f6088db284a0a7ed33af2ee19b51594bff9554d0fec8f4d049d826b05ebff422031468583d5dc9d67f92b371ad63a256c42f4e6cc817a66c1fe7bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
18e18a0dfafcf24d99d0aff56c12d93e

SHA1
2db7debc933f82131bc055a1453abe0ce3d0b112

SHA256
0e016719297aef50be790e946cc4ffceabd8bf52d2d56ecf20c33828e6582fe6

SHA512
3de627d095834c33638160962b94d9e378c7b9742456f31137910587850a41904fbd3c0977d16d4396f045a692b7de2a9b96dea9be864138528430b560a62b02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6df1a5b429b6de57910d0d558659403f

SHA1
9d4e186a881b094e81d6ceab2a3acb6a3c7441ea

SHA256
81752a498d0711d9757e0a24566d0de04cc4f0f3946a00d0098b6089e497a29d

SHA512
434a6cc93e5fd3a8cb963613ff69b614e5805eca399eed202107fdfb248f87e483d0b51fa1f64dbdde11fa3cc3e7f5fca9fb2442fe0aeb62094d6b2d3a125a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3c8bb5cff6cf83372ae4f89c1160dce8

SHA1
205299a315984eab96705a13dbdee2912e7e267a

SHA256
15dc48e222c2f12d7ba61f83c3c651e5a23ceebec7f742efcb9c14751bfb229f

SHA512
bb070c23594eb897ec4aa9c89df09bbb218e3e8362b8c2fd6fbbae26c958c6eebbe9a81387727983035d7ed7916f38b970ee493fe80f0592198cc26bcb170bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a196a034c281be908b48044f070caaa8

SHA1
96f7a2fd3e231ef0aff9e51ca2d3badcb7ca5cd6

SHA256
a03785c554d52cdfb4b65f371581e3da6a92eb31a7ed597d1e0f637140c530f4

SHA512
5db218aac98979393ee1df9f1c0c681c65d0e66aa2c51bcb249718439784b181de3c7bb351fe13e054989a301737265901e8172fc33c521a08b3c0076453479a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
310d4b6a22a04372858eaa9790468a28

SHA1
7d744129f76ed4048412c0e6f8f2430753cf6152

SHA256
ceeea62a1474ffcedc71a5672e370ab1c2b425e7b69f643114fd0b236db8c152

SHA512
795e6145f46dacd5e3a39e65ec03bcd553c15070eb4f5ab4dd907d322efd70a5bb27242e5d2c631dade52c4fcf13b07f21597b80eaef0d355d5cfd01091e2bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ec185cc6a8a580af89730e1537f1a37

SHA1
5d25b7973b0f3fe6d984de2a9ad4ae8fb066169c

SHA256
9484ad2aa707f3316f8e07b51bd25a75ff9865529286abf902e5ea912fd4e059

SHA512
cefc074c0c74906bb3402851187409f667ad226682d603e5d0eadf538ef9984996f585f7729707536beeaa9688dd9740c3cfeb4dab291409b517cade426cdf4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
564688243010204c40a6e91a006974d9

SHA1
549331ccafd95cc18a5823d5b7b3249a87ef3cc2

SHA256
c818f8ba318a930792fe5ac2a09b8c71cf8f65723d187f2ae704e77facc58f57

SHA512
03fd18ed84208a0093747716c98e99c365aa1eaa629f8754d52aea7e956a46e3f578cb1174855ef927e80c8d117761ddbcd81b76ce71e642988cdd9f3f8d27aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e72a688ad95dd73dbbd9fe9c3a6d9651

SHA1
6d68f7ba626f946712a9e6ee31b04e455f96dbf0

SHA256
5e2a1a06230199a3910255197110c848554e8a42abeec6e7a91cc0889bd9d27b

SHA512
fa0f221c8893dc5dfe2f1c1756b773e5121755e08ba4252d1ed3c5a0a434cb00d93361ee121d3eb06a00ef1007d13bc2258197138e775af8cd22fe7f50a2bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bcc46f3da48fbc3faeb4eacec4cd7d84

SHA1
952a13eec3a535a5aecdda5aebdf014babc0a3ce

SHA256
1d552179691d6bcf3da9b47fca4471b6ac8e60a9585996a95e6ccb41f5737aae

SHA512
985538c8075d90c490b730ec9523bdcead3c226eca4b96a46a4c2d89d33973a0056dcee7904c24b00e28e77be2840ee5c66f9171521a215a324a1af260eb931d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4e560891db28e5aed02787cbde52ee90

SHA1
e6110db12074b7a97ee7565c815110556e74bb86

SHA256
fc0471c0fb3fdf7e5ac2f1c94171b4fd5fc9de1c647441cf92cefe8768a765c7

SHA512
167aaad8c34ae727e900a6252554e5985d34660ac5eb359fcbd8b0cdf0586a51a875015dfe9ba97a9e99d4fc83b1be7b3010ef9aba9237d5049f869997c66a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5958c94cca383ea41184746ab3c94443

SHA1
f0c48a6162921abefb078d123b450909a3e2b283

SHA256
3a5ce822fe78460865562c45ab3420631992197680b7d7501f3e2dde36a9efa0

SHA512
f8f31de7416de4087de24e2a1f39c4f99c6ad4311805c9cee08bc594b2284ad79ecb873abe94d87fb33a338b6d49af7030a742c7ecead41067dc4a9bf4689669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf9195f2d2413c8eaaaf6b9575c80b83

SHA1
6a6309e719b14d3e443af32be6c220464e49b841

SHA256
1fb7b488d58e21384f4f156ca12c4ecb3fffbb6760757a744a2fa9810f917ab6

SHA512
59456c8df1baf61adf22b880675cb45eeb620f749a9594172b4062135911e618018c700c3e9c6f169807480e9e10dfe9c082672b9669b18442b2043743985a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2695b1cbb677c733e3825244a8a90e73

SHA1
1ac09c44ec503bc1f69828b3c86c34b35a4babc7

SHA256
eab19d3f0c61fb00b68cdef782618983d59cfd22216e1fa986275cc2e4f39777

SHA512
0ac6ab9a1e215645d551123562ff508678547ac8e179264e6edef4092fda623fa34ed7d942a1395ea95085ba6b7e626fe6b16f63977fe1c5f14dcfec0d61eb1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
fc0149c0bc220bbd767f565cb8d7e7a1

SHA1
63efdc8f7225e40854cb248f3317e0d741c8cdd4

SHA256
7225d4b66819dacdc6953a98b8d02b89e7d1fe74ac24db48099a7ef7f65ac873

SHA512
786d3d6c04913a4fa50caa5f67e121808a794adac4e1c861808e130c8e4ab428de40929977e97f33d8654d416020986fe86922324ecbdf48b6d8c964b4f63ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
317B

MD5
fc3acdf09178982f9aebba212fe99662

SHA1
1d00632f467db8ecc20e24f0ac523fb0c65d2cbc

SHA256
27965f2b03bc4046eaaf35e950cdabb4c2b89aad3111bb5f3cc8c5efa558c6df

SHA512
cd493be4b487248876b3dbea221760dcd48a2e21c6ddf1011451665203a5b1d33f9ac7cc353253da555e5f2496bada277c6913350b80238dec7e04ed4038f614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
a5336ba464c8088b351d472c4ef594f3

SHA1
26d85a714e3615d6d406b9db5ab18439c2d0b92a

SHA256
439a2e9a641734190091cd97cebcce2ef1476880c8eb51e7f5dfcc7991c5cb86

SHA512
d9c681738311b39fc617f2138f5f1e8e63d3a13f743da0fa64086a0b8586a06a3a644d9232e234f2c2d5ddadf4bc78a6db85ecdf9070b09c9c361bf94280eb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13377779991219250

Filesize
26KB

MD5
a9a719b88c05e621e6ad3d0f73bc2a45

SHA1
205d9ee9f480eb2030ce759e4326390a29661288

SHA256
6305e58164092ed1f7465ec32026881a00f6b76776210d01c6349ee9444eaeaf

SHA512
2b18b21d58e114a88f3e98ae38eb9e8df8ed871d8a4286710ca98c3bee291fd1e1b44b66f2cf775a8a06bea0a1deb6dae95bdea18bdcf9a15efff5a7efa075e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13377779991541250

Filesize
1KB

MD5
5dfe76d6dec82bcba6b38bf6d220c7ce

SHA1
8a798fa829a5d9761eb93d62fbd9e9a86b3ae979

SHA256
b451c427d6d73b9139cee5ccd40bd702abd7998018c0b8f93309dfbfa5bcca5e

SHA512
2ce21aa38984e5b274099b89a3b205fd729c276f8835126cc71cd6c168256293c63fe6524af928d729978b8e669fc8ad8583d7395112e509be73a19717adbd00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
b8a5a92dcda65ae9778d8afc13a1b024

SHA1
03dc982218ff452472745c107d0911697f592823

SHA256
796468a252574764d0d3dae2a00953e56e47cc734e0d689a4e43baf9331bd51d

SHA512
11f1eab606317cdb3c51c8832c564f78c3ef82f0532b802b6e1a003177a2b0eb8b00f684dd837764c07ab92074b22d7b96ef176e10e63dd0539fde8afe41439d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
052afea0d77bcf3404afe0996264e424

SHA1
e9977e0f98c2a592327ccf4d760d07cd8117267d

SHA256
3c368d0e625fbbbfd729e3c6629977195e8ce7681743c7d875659b36bb645edb

SHA512
637be5536441dd0c112a97c30eca37a2fe7e58696d19b1c22e102c13affff6eb98daeeebc633f94123dbe90d6284588a76d3551ebfa4976ed7fb2fe034237caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
83a344487ddb676f020236cc68faee9a

SHA1
df7ff9174d58eafec77f6407d416d033f1fa5c29

SHA256
c11c3855510f608075f473e38387f27be8e39729b005830d0774bd99e0be4fcd

SHA512
7f39f2bf8e94a49ad056c7efe3f2fdb891b4bbf61f7133196aeb53005884cb1acd6e143a11f93e8b3a4c72e33161a8c73df920f91b053e53094696df0229564c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08cc9e105d799fa29a0326ee6feece95

SHA1
27cc23988c06a5c276aa7f2b322b2f4d6bc0e7af

SHA256
ecb44bb58bc217be87bcdb20058dd338da0188ac4d88f44e15faf29c63b9251c

SHA512
f2f85997cda56f9a0c3edb43b2e22db8e65dae37be994a35736e17331c250d8287808a7b9b055394844761f1d2a7493658da3691edf7816c8f93eb268eb6aa1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7725f7ea89d9e5dc5b5ad84bcce7cbcc

SHA1
3dccf24a7f1feadc1fed87081573924aa1ce86cf

SHA256
fabd0af558d6cb64f35f9a9b9bdd1c6b6e57f66220c7af71761a7d51c491fd24

SHA512
f1f0daf77657afab4bfc69ba06f7d6b51ff5d2050172aa77d4e75c991035c368071e6d7db8ccdaef21a67b1dc46f408d6a730463c57ab404af1eb3650d57abba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a5fe40f3b5401504694fa3c1d68b49d0

SHA1
d5d8bfbc8828a483992acb538aed108890ac21be

SHA256
b90c085f077208255be1a3c0ccf32bab38528f3ed4ac0aa039b6fcea4eded1bb

SHA512
b6cf490708c62a08f3033bf98d89aef36458264350973cf2b47631f3389bb8e67348b09114453b211fda671c34041b51df64edbcef40f2eeff6fb35e3db74333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6cddccb92218362172c8ec8787664b4e

SHA1
b61c92f5d4ae510993b338fbb18f0c84213529e6

SHA256
478ee699efdae08468a509de075658cbd49e8744c6553cc41a64e363e27c68e1

SHA512
1e72ed00e6c9f75ad1e5a5a7b9683ce3ca39756e00a7f074c421fe4c08d5dea192f376a083c58db0628d54f3d31696b31415767ff3d79bb936d547518e4c4d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe60b896.TMP

Filesize
706B

MD5
8fcf0ec72b59606f0dbccd0f756d8acc

SHA1
b62b7cd2ff86414cd038a06f744e42f3caf43e26

SHA256
3f610aa0c974b2e8a732387f2824a7da577228efe07a598fee24dbcef3a67c27

SHA512
3d79ce7e484f8b03a7c8c9232e69e021876856ad16dc38b1653320f482a09142c7f231a32be111133fa584823620c50175fa4447cb3c25b67a6def6e48b86820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
813c9e0cf5f4fd548eb33699be2356f2

SHA1
047615b3fc184246ea13df49d8741c1507cb3e36

SHA256
6382cda118b3bf22092ad157ea515bea9fa07c9a3872d66d546be6458c48a5ea

SHA512
a74a5430a69430144081fac233f5cdd7b8e8e8adbeda1ea4948ac6ca065267aba2e89f24c5c4b539431e4a6925b35845ecdaf98b5273491d974dd667cfc2eb6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d65bad40-71f3-4a17-8638-61bf223138ee.tmp

Filesize
6KB

MD5
b662540884ff89f43243bace9b9473ec

SHA1
64609c3b06e623146179b2059f20dacc3d0f8acc

SHA256
a2a583a944acff50023be0f94a2f66af938c98374d8b7651e3f3d49ef36ab018

SHA512
cec270d120b3ab2124babc441e0967ad55a2312a20f345fc16c15460a58855c01b98e17b092ca1cbaf32681024670499f2d1c7244c1eddfb06b60c2ea0a4cd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
c5402600eb0ed6bdb9fdaf849916cd88

SHA1
cc021a0f33bea0549e0d172040bb0658305c1963

SHA256
80a0ed9d099a54097eefe8d26d4789d4ac14c8e4e3a9f3e7b603daf88d6e2e97

SHA512
716ae9c01ed4f6d1583baf05b3b2ced7011164c7a66ab38e558f5a45cd0b27ff0065248d1694579f3f9e28a9d7c22b9f4249c059b543afbb6c88e9869ad05699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
fe3e44f77427dc37512b30fa56541f3b

SHA1
789cc9db663f2955d4705e8017865845628e13da

SHA256
a677d64a9b2292059772805ab7e537d91d94953a3262c0cba62a382829828573

SHA512
6cea9920b15f1216dbd8570d16b3119814f67e5f5c9be642668d57948b59197a94319c851f82bed3c6e56c2447910aba4ad9244b33e2d365cbf5417402631ce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
2c9368b208c0f912962a6aa1326fa950

SHA1
4c9bb37773a226d13c31070906436f86e3b553d4

SHA256
03e7e13f9eb70b4927d7770e0cb2e928534bc5759d10e96994f89880c9f2ff70

SHA512
ccb176def3fb16209385f0c0d56360bee5ff5a70ad2a79f57b3d6d0075a2e9b322f5ecc19e0a252b357cb7115c154f8fa3b76440c9ede3b60204d04772ba3d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
cc270f1cf6985e866e7ce2f79e6e7089

SHA1
6ca41ab823451fecdac80d258db156e80c8ce413

SHA256
ad49c2931dfe7fe3b745321abf7c5369c82050f4e44b188ed82fafd45bb50e2b

SHA512
87e7250bbc0276f58b5d7f9caf5229de1ef4168b0fb56974c4fe1790df833c0050c9a7a2648ae79a60afe9e2811f342a17ea78fe10a8b892417d5f0db0ff8adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5e17c2cf7f955713aaa77e4afc203725

SHA1
341fc2ddfe925857213c5f56e236d5ddcf14b7b7

SHA256
fc89d75b27dbcb801bc70298759158f3b5c83c056a21d5ce08a15507af7a1384

SHA512
cdab02eb746f159a0a66f2ebc69f5cd68de2d560577c939bbbb979b9923741fee624f8e907232ec562e17115d8e98ba9fe6f9bd3c7eacf0c22634224c93bcf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
e61d7dc58b73eae0dcaa99d1f1ea2957

SHA1
f405c98f9cde941461553e044420e95ccb38d10a

SHA256
47ce936d3d3c62ce39605fb48a37c9e6614bcdfbaacddc13103853e6c09402e3

SHA512
54d3cccd675199f05f57c712e87d1e840582290ff77090cfa24de36b1354fddd7f5d6e3fccbdf03c735cd621e75abe1e69146ee60bc4685e2abfa679668644e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3f0ae24b30d7f538326727cc79c4aeec

SHA1
670adaad3f3574fa2ee0c728510490fdff0d2437

SHA256
affae5e0b69644b6ecac41dfc63857deee5878fe0abb990f7355f2e71062bbfa

SHA512
ccfcaa9578721d34371c129c1a41e91ed5f8302b06b8149e33aaf67c51b787e92eb05ca6b7160554a75f80ac53b825d55cd76bf19650a899fbe4bc39049e1750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
301ede10cff8e81eaa696c1e90a65617

SHA1
5d9e5dda8d005224dd68c04d9aa0e04c8a5efe61

SHA256
45895b29e696c9a6ce22b00f86009b9d679b3c1cc990c47902c0b35ccd4ae896

SHA512
d8a5ba8ddb2ce66dad37eccd152d382adb50ff946dfb6462d269592ff1cef2c25cad2bf9b9db6891ccd3e5d0e1d9e9eae3833ed4ca580308d3b284fea0142744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
298b282b60f9f4d7d34ebfcac52ec0e4

SHA1
374033b7641840e857edafa38beb42e78cf8d358

SHA256
e59f4148eeef8877fc56b060a9e7ab0d6b7b9290ca72cc6a2cf86e0136881a07

SHA512
1ce5ced1ae01e480fada8c27c0c52994b1d82a42d325507b7e99a256969c815c759082045e32f74ab31478decb0e177e46e3039d13c9732acb1973cafba2cb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2198007b57874d4d565dc2382f765c11

SHA1
d844f5873f90cfcca942a7627640f26683ddc74c

SHA256
e5a215e18011552f1f09f2ce3b171bc94bf8c54b5ca300d7dca4f62250429ad3

SHA512
a27eea2d2e8f0a7105c38fd5dad89ab6217fa54bafb3ee44ce553e09567167f67ed5bfd53883344a13f2a0cd6960bff2a456b42348c10bf2694f5f58d71d1ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90adeaa36501951c33c666598ce0a398

SHA1
776671d283536276e4d7589e396bff0d686c95f3

SHA256
79d51456fd89b773516c69f74ffdbea373f08755b9c7ef5af44ddf5936e45e87

SHA512
71336ab0c18393934e221c142ac1f09643fd53520da64c0b0f1caa0251efd072fe7f27d55109db54e2ce4e13e759063c6bd039deba7a71ce9fde3d05cce78e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e9e616fdb9c0a3f46d29b1074ca14e03

SHA1
420427da47c8a023a953f4ddfc018186187933ff

SHA256
46d2e8601bb349b4cd5ab4aeb3f04ffd4fa543b9c3fb6db79612b351d85b7a6b

SHA512
65acf836305192363f442c678ffa7d1a01155d00598ae0dd7dc676c5e9191e4f6ef1598e99698c9fe5a4b13d5298efd6284ca5512a29e81db2d26a521340da1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e3a25bf1755adbb1fd9838879d95d2d6

SHA1
778931b88c275ef128c521adc5edff21cacf32c1

SHA256
92be0179e1256cad6ca7b46de62eac90befef3d4c237976928043c77c8b74890

SHA512
b89f2aa2ea374972e7e89ca2daec6d4d38fd607e5f114ac0c5608063925c3870b6e1aea308fb7dd77c4089f8eea6a84dd1b31ea3891385b0350f3035c88e50c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1a9e9a5c12a3250526a23926114c9f5

SHA1
6cb8d28043137aafc8b1232702cbe61e991e3f87

SHA256
8a6391681948902599a09a8789e003e647d13976843af115453a7d626ff5d030

SHA512
409c1d05618b216812b2b450bf270e18b47d5c4f5c24228863f340b67b35844ea5cda5ee0be09258ad78b2b14a878a706645069f000a6aa7b72919ed57fbeadd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
43b955a51afcc0077cf2b7013583fd88

SHA1
3ae5d3873c90d27760de8e371655e1b471d6a00e

SHA256
2fea3091c734bc8babf2fb9585ab5086052723f53f0757b902933333e9299966

SHA512
ddc61d03a8da7b00680db846596543214fd6fc49ebe7af6e33083b716519de484552d0388abe584b0676944303d27eb0f2b39e41ab776464dbad110865b27eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
4eeb4017f7a4e25f732735da70a3497d

SHA1
5a29cb9cfffaada28271506af1f2535c48604108

SHA256
f07c062a5f7f4831231fb8036fadccfe414c6e227f683eb356843a1f70109ab5

SHA512
916eb0d1e5dc46c999a0c8f776b3cf3cdcb8d1541eb75a7b5cee5fc8c2a9cf3313cc1bdcbbcf95c3975f71a3018bfd79736506b137a7e262d6bdc08d40f198e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD43EB.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbB325.tmp\LangDLL.dll

Filesize
7KB

MD5
9888fb6b91a680305b2a3e7b71d6561d

SHA1
4a7935da38f88e9f74f425078ee39eb6269c4e63

SHA256
81726604d47b192620bcf90d6e42ba8ee8b4c54935b0081655e08247d6b6c675

SHA512
f50755e5624bfc3a60a23a7dda012509c1e31d9772d6a0ccaca88e32ae8d4602e10e38003d78b1626464502db7ea7c47d772efb7b3ea7c3e2238bf3b9809f833

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbB325.tmp\System.dll

Filesize
24KB

MD5
d997606c77e880be2744c44128843d60

SHA1
92bb9003dc14ae03963f503e82a668877ca4295f

SHA256
abb2613ff851b2cbfb61bf97e4eef9d4912abcb46e04774ad84812ab75d4dde9

SHA512
714d7ce786e9fbb6f0d0e537a146a3a24aa79089669dd168b7c110dfba667fa7afb794b3dd2b93fa76e1d1771af3347a0f568cbb0fbcc8d9755de9e6e54382b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbB325.tmp\nsDialogs.dll

Filesize
13KB

MD5
bd0d7a73d0fc619e280372587e9e3115

SHA1
0cde473dda5d4fda8190e6460f3229cae2571af5

SHA256
c7f2afe3a2424e71563e69d862dc027d299d84fba4ac1ba11e593361daec0a80

SHA512
914983bfa336f9ea019bf5dc9ee403af56a6c7c1d88b8092609e4026a3377daa6ef9a8e51a93537f6769ae165c264763645a363fb6a89f8689f59caf985c18b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx70A8.tmp\System.dll

Filesize
11KB

MD5
a4dd044bcd94e9b3370ccf095b31f896

SHA1
17c78201323ab2095bc53184aa8267c9187d5173

SHA256
2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

SHA512
87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx70A8.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
8383ed0200c922d8d27225dc4308395a

SHA1
fa5624bfafe534103b45e1ca6fb0fb143dafc2b7

SHA256
17064434914012847bc600c248c95b4b8dd5ca99ccaaf478f14bf577d5c3e671

SHA512
946d62c41a014f0a6217441c6abc73070933ddb5135d54c8e2a9ecef37021fd68e27c4e190888a7ad29fa55c9987091cf12dd6862852844128385e281fb79994

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-store-menus\data.safe.tmp

Filesize
245B

MD5
4739996064bc69a04af122214e11dc8e

SHA1
862b1f36b4d700a5d9d5caf12099f0a28f697cd7

SHA256
10d1811fbfa9bab315b60f991ca0370d3e250ff0d5f2a9e83f8f838ec14ad120

SHA512
d3aef729c70e0f7ce3ca83f88b1f70f4c0e5cf1be154cf37f12174ddd50a92a8b7e65b8cca3af81f5d4a238c91c83ef20c9ad0eb041dc2f8ff2dbbffc3501e52

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
16KB

MD5
6fe472a26c43f1adf0d7c2cf118c85a0

SHA1
d4c342cc01a3450943fa3cc45b8cb58f4b430334

SHA256
11e6bb71fa05ad054d5c532ef489b1587edcf2f426985b3e1d74eb821ad33852

SHA512
705205d3348de54acd13213835a111857a9bcfa41f613346e0f6b655c0297382000edf9c14511722e8b47045d09d68d7c2a6ce16c9c6e5b9c70c790313ddfc09

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
7cfe5dc418e2fd3e61e8ce1468d6e612

SHA1
f2d0b7900097f5b4df0917c16c7cfee709cc7edb

SHA256
1dc952c840224ed5b169db5992e676b1e8eb8a8412bc9191f5d4b6b7939d6124

SHA512
7042cfa789ed02b7118b36b99b2dc2567793645bc938bacfbcd9819658793fcc93bc9a2c3ed2629af563cd46a216bf1ca54351783c998be5b24bdc03297ca847

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
654c5754f74c7ab1a33e12eddd35a321

SHA1
57d959940a28e57a02058b2aeb630cc1733c5f87

SHA256
fb58fd62dd7ff0b40a14105fada6bc58cd9b15a72f21d644e3e60b4871a74e26

SHA512
cbd7f9068fe6e2751140d7c6d800dcacc846c636ac15fef6c8f53f6f7c7310b42fb904b65eda3833d0a2c45d844db6044cfda242b2d260858cb0dca96000d984

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
865B

MD5
3999768404e7d2606e1036a8e4a8511d

SHA1
d8155f0e7f2582c3c271620ce8474b2dd3dd3ee7

SHA256
a026d5190299a0d2d5d078505cdd2060b9695c9886b1023de5c885e017b13403

SHA512
616729df2cee7dda47102539edec8907dd0e6f37e29cd65b2ceaff4e55bd8028ba70a8db5f4d7dc98bb009df44b6f058d047b0273d36df1ef1a547633e4662b8

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
4KB

MD5
b9f806be7824fdf8cb25ba117d063445

SHA1
c4da03d6be5ac5570fbdcec5d85b3c2c98b1311a

SHA256
2411dda0fa776c660e3738c9df7694d5c56c0b76936f51c7c8b94b011d7b417c

SHA512
3dac957877fa2bd32bf3b18f00b0eadf55c744694785353f340da0844f77c49db637f4525d1bd3b3182f8bb737840ecefbaeb6c6f7f064a2d43d0170471ef916

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
8f5c51dc9ba4d79579a7a60bb672f05c

SHA1
84fab37ef952742f5a2eb095a2ad993e25bb9428

SHA256
2406279adc85916bb161ed5b67f5d85c5168047d61414615b25592b783d646fa

SHA512
45e05aff42f5cec0c4d2e1e36a8a367f340d0337781906908a88184d1822ac281c2f32c6fc8c5cfafa4bc553a9bb3e404f53007d308f859915f2f820e6220e75

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++4bf6e1be-74bc-4bc2-b72b-3ad7ebfec287^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

Filesize
48KB

MD5
3956466ce8c29fb6940975c42ef06923

SHA1
34de66eab23ef2ad1cc063d45e5ec320488c283a

SHA256
0ad55e600b871af7d8345d94e45a584a1a78b9752c48468b198326c48422030c

SHA512
eb10479fdbbcab96cc55b13ee617ce3b96204df9376e0c3d5583002ae486ecce1b338de1fe56bb9dfb0d95bc0b41ff4cabe8058478aff5bf543e55776ff9d2db

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
136KB

MD5
cc6062f695850652aff68b31f334c644

SHA1
161ba8af4e2cd6356453ab2ac4974eaecb53b7d6

SHA256
c1128230de03704b7421a88d5208258a524a44dad953eabbdf5b334881228da9

SHA512
4c7061bfa8f709186bc12147499d016ea7fefa6487f30e940877c22566b0b3a31714a2b9eab79d9dbc473a156ebe1148030edab58432fbecd43f4113d56eacf0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus

Filesize
2.8MB

MD5
807c886b9f2b3eb6907009601609d1a9

SHA1
197de0c9baaa09cc61f518a842da01158b47f7ae

SHA256
4cf585971c83624c866034b826678088f2f0270d01147ab6c1668252043800f7

SHA512
a400ed2f911537851db7cd4251900a3af5b2d514820a340ccaafc9781d073035d3aaade28c1512161f4406af5cd1f0b563e8c868f82ad6041750f9e7a9818b0e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
14.8MB

MD5
1cc07e4e4b00d15c7d9515beac4b8f41

SHA1
3570f74832eeabad5dd8c6ff349b8a52206fd9bc

SHA256
68644280cdb8ca98a819e29012fdebfc199059891193b3ea49df5c942edfaf37

SHA512
d26b5a7e91409416a44bf6861899c1357849dcc76ef63f5188fdd19aeb2f22676d6794c6bb8546660f86d07d2d7bb7a1041262dc25b41b2aba65abdd3d882b12

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc.tmp

Filesize
493B

MD5
d93a73d948d50b974a413f421c29f8b9

SHA1
3f88084c1aa91281c8a36d1978f95492a0a588cc

SHA256
1c7f544d701123dfb9bdef5623e0fa2483edb3d4125491f95cb2441336ad9325

SHA512
b8420d9afb6ef28eb00494de9fd74b6a2929fc4063090b2838e6afed23e83707efbb23b745ec34a8f5427ae323881f770e733d8edc6f4d16ede0aa1a30d5248f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
3b4fab842371bd6f28494a288a339256

SHA1
cfca591cae4bfd28486e5a23b406e8f12e408942

SHA256
ddc7a6c3a4b50d23daffe8e364c575fd7df9af9711b14d153b09553ddd3670a0

SHA512
90f3de43a01853d0029e8085f2107b3640074aca10ba8ab9f73648f203f270974fe0ce4df882ba9320c2aa18e2048c058bd82d7816bda7bc94a8baf333a05132

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

Filesize
829B

MD5
254e4dd0b56ce81c90356ef66d49319d

SHA1
379168497b952b09b3c9cf4547e30faf063d7b50

SHA256
d6932e36d24b8fd0fd53854171b0521628076234d8501ae51bb26c7e18654464

SHA512
738014a327605c12ce2f00686c0988f4fe56554022f687777f17981a9a54dea41dfc4d1a57d8431d6039fada08b32d1d8c34d494b115c9dc024e68e2cb48aab5

Download Submit
memory/976-1056-0x00007FFC58CD0000-0x00007FFC58CE0000-memory.dmp

Filesize
64KB

Download
memory/976-1058-0x00007FFC58CD0000-0x00007FFC58CE0000-memory.dmp

Filesize
64KB

Download
memory/976-1059-0x00007FFC58CD0000-0x00007FFC58CE0000-memory.dmp

Filesize
64KB

Download
memory/976-540-0x00007FFC58CD0000-0x00007FFC58CE0000-memory.dmp

Filesize
64KB

Download
memory/976-538-0x00007FFC58CD0000-0x00007FFC58CE0000-memory.dmp

Filesize
64KB

Download
memory/976-539-0x00007FFC58CD0000-0x00007FFC58CE0000-memory.dmp

Filesize
64KB

Download
memory/976-541-0x00007FFC58CD0000-0x00007FFC58CE0000-memory.dmp

Filesize
64KB

Download
memory/976-1057-0x00007FFC58CD0000-0x00007FFC58CE0000-memory.dmp

Filesize
64KB

Download
memory/976-537-0x00007FFC58CD0000-0x00007FFC58CE0000-memory.dmp

Filesize
64KB

Download
memory/976-542-0x00007FFC56250000-0x00007FFC56260000-memory.dmp

Filesize
64KB

Download
memory/976-543-0x00007FFC56250000-0x00007FFC56260000-memory.dmp

Filesize
64KB

Download
memory/1372-334-0x0000000005C40000-0x0000000005C96000-memory.dmp

Filesize
344KB

Download
memory/1372-331-0x00000000059B0000-0x0000000005A4C000-memory.dmp

Filesize
624KB

Download
memory/1372-330-0x0000000005D60000-0x0000000006306000-memory.dmp

Filesize
5.6MB

Download
memory/1372-329-0x0000000000B20000-0x0000000000C4A000-memory.dmp

Filesize
1.2MB

Download
memory/1372-338-0x00000000092E0000-0x00000000092F0000-memory.dmp

Filesize
64KB

Download
memory/1372-332-0x0000000005A50000-0x0000000005AE2000-memory.dmp

Filesize
584KB

Download
memory/1372-333-0x0000000005760000-0x000000000576A000-memory.dmp

Filesize
40KB

Download
memory/1372-536-0x0000000007850000-0x000000000785C000-memory.dmp

Filesize
48KB

Download
memory/1372-337-0x00000000068A0000-0x0000000006906000-memory.dmp

Filesize
408KB

Download
memory/1372-335-0x0000000006310000-0x00000000063AC000-memory.dmp

Filesize
624KB

Download
memory/1372-336-0x0000000005D40000-0x0000000005D58000-memory.dmp

Filesize
96KB

Download
memory/3920-1353-0x00007FFC91C70000-0x00007FFC91C87000-memory.dmp

Filesize
92KB

Download
memory/3920-1371-0x00007FFC89760000-0x00007FFC89771000-memory.dmp

Filesize
68KB

Download
memory/3920-1373-0x00000210CFF30000-0x00000210D179F000-memory.dmp

Filesize
24.4MB

Download
memory/3920-1350-0x00007FFC935B0000-0x00007FFC935C8000-memory.dmp

Filesize
96KB

Download
memory/3920-1351-0x00007FFC926D0000-0x00007FFC926E7000-memory.dmp

Filesize
92KB

Download
memory/3920-1352-0x00007FFC925A0000-0x00007FFC925B1000-memory.dmp

Filesize
68KB

Download
memory/3920-1360-0x00007FFC89E20000-0x00007FFC89E41000-memory.dmp

Filesize
132KB

Download
memory/3920-1362-0x00007FFC89E00000-0x00007FFC89E11000-memory.dmp

Filesize
68KB

Download
memory/3920-1363-0x00007FFC89DE0000-0x00007FFC89DF1000-memory.dmp

Filesize
68KB

Download
memory/3920-1364-0x00007FFC89DC0000-0x00007FFC89DD1000-memory.dmp

Filesize
68KB

Download
memory/3920-1365-0x00007FFC89DA0000-0x00007FFC89DBB000-memory.dmp

Filesize
108KB

Download
memory/3920-1359-0x00007FFC76BE0000-0x00007FFC77C90000-memory.dmp

Filesize
16.7MB

Download
memory/3920-1366-0x00007FFC89D80000-0x00007FFC89D91000-memory.dmp

Filesize
68KB

Download
memory/3920-1367-0x00007FFC89D60000-0x00007FFC89D78000-memory.dmp

Filesize
96KB

Download
memory/3920-1369-0x00007FFC89780000-0x00007FFC897E7000-memory.dmp

Filesize
412KB

Download
memory/3920-1376-0x00007FFC89820000-0x00007FFC89AD6000-memory.dmp

Filesize
2.7MB

Download
memory/3920-1370-0x00007FFC89270000-0x00007FFC892EC000-memory.dmp

Filesize
496KB

Download
memory/3920-1372-0x00007FFC84BD0000-0x00007FFC84C27000-memory.dmp

Filesize
348KB

Download
memory/3920-1368-0x00007FFC897F0000-0x00007FFC89820000-memory.dmp

Filesize
192KB

Download
memory/3920-1361-0x00007FFC8A2F0000-0x00007FFC8A308000-memory.dmp

Filesize
96KB

Download
memory/3920-1349-0x00007FFC89820000-0x00007FFC89AD6000-memory.dmp

Filesize
2.7MB

Download
memory/3920-1355-0x00007FFC8D760000-0x00007FFC8D77D000-memory.dmp

Filesize
116KB

Download
memory/3920-1354-0x00007FFC8F3D0000-0x00007FFC8F3E1000-memory.dmp

Filesize
68KB

Download
memory/3920-1358-0x00007FFC89E50000-0x00007FFC89E91000-memory.dmp

Filesize
260KB

Download
memory/3920-1357-0x00007FFC84DB0000-0x00007FFC84FBB000-memory.dmp

Filesize
2.0MB

Download
memory/3920-1356-0x00007FFC8D5B0000-0x00007FFC8D5C1000-memory.dmp

Filesize
68KB

Download
memory/3920-1348-0x00007FFC8DCB0000-0x00007FFC8DCE4000-memory.dmp

Filesize
208KB

Download
memory/3920-1347-0x00007FF725700000-0x00007FF7257F8000-memory.dmp

Filesize
992KB

Download
memory/4120-1341-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4804-1323-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4804-1320-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5024-1332-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download