hxxps://google[.]com

max time kernel
500s
max time network
502s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2023, 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

8^/10

evasion persistence trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	torbrowser-install-win64-12.0.3_ALL.exe

Executes dropped EXE 26 IoCs

pid	Process
4936	torbrowser-install-win64-12.0.3_ALL.exe
3676	firefox.exe
844	firefox.exe
496	firefox.exe
1452	firefox.exe
1764	firefox.exe
4428	firefox.exe
3968	firefox.exe
2748	firefox.exe
3436	firefox.exe
4812	firefox.exe
3916	firefox.exe
2800	firefox.exe
4504	firefox.exe
844	firefox.exe
4808	firefox.exe
1744	firefox.exe
5288	firefox.exe
6036	firefox.exe
5340	firefox.exe
5284	tor.exe
5528	firefox.exe
4528	obfs4proxy.exe
5948	firefox.exe
5748	firefox.exe
3200	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
4936	torbrowser-install-win64-12.0.3_ALL.exe
4936	torbrowser-install-win64-12.0.3_ALL.exe
4936	torbrowser-install-win64-12.0.3_ALL.exe
3676	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
496	firefox.exe
1452	firefox.exe
1452	firefox.exe
1452	firefox.exe
1452	firefox.exe
1452	firefox.exe
1452	firefox.exe
1452	firefox.exe
1452	firefox.exe
1764	firefox.exe
1764	firefox.exe
1764	firefox.exe
1764	firefox.exe
4428	firefox.exe
4428	firefox.exe
4428	firefox.exe
4428	firefox.exe
4428	firefox.exe
4428	firefox.exe
4428	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
3968	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
2748	firefox.exe
3436	firefox.exe
3436	firefox.exe
3436	firefox.exe
3436	firefox.exe
3436	firefox.exe
3436	firefox.exe
3436	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
2800	firefox.exe
2800	firefox.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{12B495A7-C0DE-11ED-9F77-DAE3AE61CC88} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133231031684184972"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	torbrowser-install-win64-12.0.3_ALL.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
1452	firefox.exe
1452	firefox.exe
1452	firefox.exe
1452	firefox.exe
1452	firefox.exe
1452	firefox.exe
4528	obfs4proxy.exe
4528	obfs4proxy.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeCreatePagefilePrivilege	2056	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1048	iexplore.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2748	firefox.exe
2748	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1048	iexplore.exe
1048	iexplore.exe
4484	IEXPLORE.EXE
4484	IEXPLORE.EXE
1452	firefox.exe
2748	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 4484	1048	iexplore.exe	85
PID 1048 wrote to memory of 4484	1048	iexplore.exe	85
PID 1048 wrote to memory of 4484	1048	iexplore.exe	85
PID 2056 wrote to memory of 1720	2056	chrome.exe	88
PID 2056 wrote to memory of 1720	2056	chrome.exe	88
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 2136	2056	chrome.exe	89
PID 2056 wrote to memory of 3676	2056	chrome.exe	90
PID 2056 wrote to memory of 3676	2056	chrome.exe	90
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91
PID 2056 wrote to memory of 4200	2056	chrome.exe	91

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://google.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1048 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb1ce49758,0x7ffb1ce49768,0x7ffb1ce49778
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3352 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5260 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3252 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2788 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2468 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5752 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1052 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5944 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5904 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5284 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5216 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.3_ALL.exe
  "C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.3_ALL.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:4936
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3676
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 --field-trial-handle=1808,i,11420305931114408699,7444664728489023126,131072 /prefetch:8
  2⤵
  PID:3700

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1420

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x51c
1⤵
PID:3924

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1488

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:496
- C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1452
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1452.0.1463902148\1255934608" -parentBuildID 20230702040101 -prefsHandle 1544 -prefMapHandle 1536 -prefsLen 22300 -prefMapSize 228100 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1452 gpu
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1764
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1452.1.664544151\2037518042" -parentBuildID 20230702040101 -prefsHandle 1804 -prefMapHandle 1800 -prefsLen 22300 -prefMapSize 228100 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1452 socket
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4428
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3968
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.0.1783399245\2123278224" -parentBuildID 20230702040101 -prefsHandle 1952 -prefMapHandle 1964 -prefsLen 22722 -prefMapSize 228120 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 socket
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3436
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.1.1090290201\273448784" -parentBuildID 20230702040101 -prefsHandle 2088 -prefMapHandle 2084 -prefsLen 23140 -prefMapSize 228120 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4812
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.2.462567130\684099152" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2636 -prefsLen 24454 -prefMapSize 228120 -jsInitHandle 1352 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702040101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3916
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.3.1165910433\2011338669" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 25599 -prefMapSize 228120 -jsInitHandle 1352 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702040101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2800
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.4.2094073982\1992339166" -childID 3 -isForBrowser -prefsHandle 3208 -prefMapHandle 3228 -prefsLen 25676 -prefMapSize 228120 -jsInitHandle 1352 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702040101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 tab
        5⤵
        Executes dropped EXE
        
        PID:4504
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.5.1746126156\1775049822" -parentBuildID 20230702040101 -prefsHandle 2748 -prefMapHandle 2776 -prefsLen 26544 -prefMapSize 228120 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 socket
        5⤵
        Executes dropped EXE
        
        PID:844
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.6.799470820\4701639" -parentBuildID 20230702040101 -prefsHandle 3544 -prefMapHandle 2972 -prefsLen 26638 -prefMapSize 228120 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 rdd
        5⤵
        Executes dropped EXE
        
        PID:4808
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.7.1346369298\205680229" -parentBuildID 20230702040101 -sandboxingKind 1 -prefsHandle 3912 -prefMapHandle 3928 -prefsLen 26702 -prefMapSize 228120 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 utility
        5⤵
        Executes dropped EXE
        
        PID:1744
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.8.5294394\1720445236" -parentBuildID 20230702040101 -prefsHandle 3900 -prefMapHandle 3916 -prefsLen 26702 -prefMapSize 228120 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 rdd
        5⤵
        Executes dropped EXE
        
        PID:5288
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.9.784535478\41709186" -parentBuildID 20230702040101 -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 26702 -prefMapSize 228120 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 rdd
        5⤵
        Executes dropped EXE
        
        PID:6036
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.10.566200968\1515104792" -childID 4 -isForBrowser -prefsHandle 2864 -prefMapHandle 2024 -prefsLen 27977 -prefMapSize 228120 -jsInitHandle 1352 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702040101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 tab
        5⤵
        Executes dropped EXE
        
        PID:5340
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" HashedControlPassword 16:1ca715fe4a717f7f601d715cb1ea6bf4299850bf17abe7748a522b84f1 +__ControlPort 9151 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2748 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:5284
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.11.1121276545\1304220073" -childID 5 -isForBrowser -prefsHandle 3032 -prefMapHandle 3696 -prefsLen 28104 -prefMapSize 228120 -jsInitHandle 1352 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702040101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 tab
        5⤵
        Executes dropped EXE
        
        PID:5528
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.12.590995130\478853308" -childID 6 -isForBrowser -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 29288 -prefMapSize 228120 -jsInitHandle 1352 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702040101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 tab
        5⤵
        Executes dropped EXE
        
        PID:5948
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4528
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.13.843993769\1199557842" -childID 7 -isForBrowser -prefsHandle 4604 -prefMapHandle 4648 -prefsLen 29394 -prefMapSize 228120 -jsInitHandle 1352 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702040101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 tab
        5⤵
        Executes dropped EXE
        
        PID:5748
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2748.14.57943581\1101044745" -childID 8 -isForBrowser -prefsHandle 4588 -prefMapHandle 4604 -prefsLen 29490 -prefMapSize 228120 -jsInitHandle 1352 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702040101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2748 tab
        5⤵
        Executes dropped EXE
        
        PID:3200

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3884

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:184

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
28KB

MD5
a56d2548ef3804c5af23053aa2428c41

SHA1
55b2b9c57d6e7fd29fbcca7a67c70ff9da54f84e

SHA256
417e054e6b71cb8eae643f9f6a6a335f7ced70080f2245ab5fe8adae00e1c7d6

SHA512
0f60f6ac1e56370e746b896dc9dc7578a6837f3302d4b43a4b12522a848511ad98bdac0aa6f9d18bfd0cfe3c4d687e5c6ce6972f5a756f2a3c913d16b984f853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
1024KB

MD5
19d40b230003cdff2e07eae8ff3914cd

SHA1
21e57e2ab8d24400a977ecc5bc0cf99315a6cd85

SHA256
3e2fd611228acca2857dc9243af15f5598ad4051386b022300486ed1b0f018dc

SHA512
f1349a0458f52f3f6f27e15e59a90330028f5d7bc52447ff59fc675f88f0160e223e168f1b87beaa5bdcd96ad7277df8fb792dfd82b714541e842d04d5fcbfce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
912KB

MD5
8be6ffcbb5cdb108232091fe9a734a18

SHA1
d535a1eee42b8844d05b3f1a8c7108dfd91341bd

SHA256
910cef999a5cea9ef21c8bcebb31d234de9a6a019d557125c8eb49f5d0191b9e

SHA512
2550920ac07e79d6ee2cbea643516906c19cee0ccaa3471126b361b1c0fb8934c46129b88ea1d0f661b4357d37429548a39448c037c8b9b4794b05cd4a28313f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
a7ce7f5cdf59688fbb1d560477350d0f

SHA1
6742d19d1b365b03150f9eed62bbd6ccb9592ed2

SHA256
f47d122b7d8dc2a5be3841584626fc9130698582cd49c6616a2af5d5e6da836d

SHA512
9a8e296e27af190ea4bf9b61277486bc0f363eb88cb180ec8ae74373cbe72d181e0a884daee393fa43dfb247139cacbc2db065492fcd60ecc6abd521b654f3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
8240aeb3baad8b8ede1db4a061819eb9

SHA1
74555fac03b313b31d50aa4987a1a01cb5f7a049

SHA256
b402ee55b5a0e14e07dee54dfd4b2557619dbbe52d6c950985220c88aa661c41

SHA512
6078c41e4b3648b5eabd51d5af0857df8256f64a2c6ab2b41efcc3e3432c83d09ea710e654e1a80509d15cd1c29b5db12bcbf38c977f4297b8c52ba4c3d2100f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
65a4ae9ab7fb8cc481b5a10f85832c3a

SHA1
a888ed0c1f3d57610857228eb19fb9d9025ebadd

SHA256
4964c646b7e6e13aaf04c62a6ffc6ef7628010c4272386e786c77ce66554bcb7

SHA512
9dfedf5f4bbcc9019f1155cce6e7fe5a9c5b44deac4d0f9eb13ab4780f74a33870d0b2e8a8a267052091c3f582efacb1cb2310b4462ebb63f290bbeb7f2458a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6dcbe5b63cd77e9303ae5978aafc174a

SHA1
17871033dea78fc61675a842b75ae0052bf31f0d

SHA256
f08d0ebab4fe3ab9a4620581e59838243a76ad11d2cb24a8d6f6b02f5db5007f

SHA512
266df31864bea6750f35b37077c5b061ccbdd4a0934e72b9b6747dc3ac144d6a5fa7608869f3e3d7f2ff703acd85731e053c43175921db8bff0a4cd4e35d70c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3e4d06f58ef73452ef4b517472a95570

SHA1
17483e7eefe5f0a7a1764f975569ee4cfb186c1c

SHA256
d8bfe693ba6606b28e97a46bdedb7b4672037f53159d8e87933d14252ad4371a

SHA512
2182b36ecddd6de06fb0ae6310d4d10a766d5f51eed7eb8ece005da004f11c09f3ac30e45f799f8c9727cf861cc87462d22ca99eb7f40af5edde03140aedff75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
6a1e414221404f691b7f4b0c66d97161

SHA1
d3bae709c03c3300a4a7d3c87cb9a8f314becbde

SHA256
0f9a6a8e9e5772188010d2ec45bfffd92a2493a3528a8f692310adbde3e4656c

SHA512
b735c610b798563d4146582fe2b6c09b60572ceae0d7f5d5274e807f96f98aee1c257dc245e6bfb5e2c41a871f2b42350aa733e9fff923cb3e4242a2ca696300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
d87ff92b9c724637e41d2f615254fc93

SHA1
0c9d6626660ec873f053ab2161e7577e27d26834

SHA256
8a43a1c975ac7d4dfbe517acfd746d6598054c5682e0bcb2289aed060a85eabd

SHA512
96fc7e1082a8e7d8403b4d24ba34abf6a56817a3f64f683aaed12df7f5006475f069fe05a24ac6214e184fe4774687371a3724d4ef734207fcfb649f9f3f264e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
d0cd83cd20a3cd5d837dcaa9175dfd98

SHA1
c49c113c958e54f138d0a773b481e8b5c0f9c4d0

SHA256
0a8ba3366fad4d9c54c981845573ab66886554ab8a5e8acafc1a26fee38a03a5

SHA512
390ec2024851f3c2e657972577f4c91077d984dd80fca95c2bc8e85caae99a61bc06302c7a2f80c865e4c56a00af48fa4a2adfac838e8f4a3b71ed0cbe3d3fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5dc40d2aaa6b7c2486c1de88fdd56973

SHA1
492d24f0ecc0d2120213ce15bf4c22c60b8ae11d

SHA256
650cb937c987abb0333af9dd0d9fe10a7ddeba696fc7c8c7ca63c9aad6e2f343

SHA512
4b16135463a6ee1da3af0d3a8535b8b1eed4b438a1c08fbacd5a4edadd114ce1e1e621920bd5e92fa9e615d66f41c5890e897111aed21ac56164fcf5be563d72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fcd6b3de667c9e5adf379358af63e011

SHA1
e5d6dcf24ca056b7730d495e591a3c3841fd277e

SHA256
082e580efe4c4e2505e4262a254007b5555cf8265454fd1e08b1d197447d3c3e

SHA512
da919b7523891493d34b09326141a362a5b8eb1f719a9715d1a5cb1852879265c7a395d0c3e38871435e87080f525dde57a236fc38d3f1022feaf18684f1f665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e8c81057995e61e2ee49f97234f8ef76

SHA1
188ded4a4de3488f2f39164cdd48336083af7f82

SHA256
ac883c45a5e7f854e75bcd9d6328c4ba5cffecb2018919cbae43c116b8dac713

SHA512
dfbbc1ee562b57f5d14731b22dc21d86364dac5ecead9e85c67064c326733ba5e1fa0ba3a63ad2cfd53f905b17b5f8f0001f9d45939264715f677205e1dbea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6530ff9130626767e9a4b7e82e5ce71b

SHA1
73c74713d25c3932d24198731607f03e0db01b85

SHA256
5a6dbf5eab073e97390b9cc656bd6802dfac6bbc8250b4f30610b7402d787018

SHA512
09dc29e297fd7f9a816169f78e253ef42336dc93cde0fa0e0eb4b0169fd05722ab2b307053d1ccfe718096aff22e4efb46e6d7883da5e6783ce2640495e9f536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7c6e6590cff772884fe05c7a202339c5

SHA1
d077c80b6b366215732bcfbb08abbf6b879ec33f

SHA256
2ce8c800b101bfaa18187e21f5f9fb92889432e15aea72bd8f36785a0ac49075

SHA512
b22078855d01079cea1c960638033a4745d4f468f1879215a1b132a2ecd30de26ccb424b52fb8fe47e3ee69ef18cc57babb80ae16b86586f796071c75f727bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1525f183d42bae81c5ba332231bddc53

SHA1
2b3d774f9f6c6a8402c38979bf6070c80d429f78

SHA256
01639d97f0f6d8f8b2e30ab01186fa70130881d0bf017965e293f161743fb0f0

SHA512
5bab107ba227dbae91c93b765cf5a43a3922fc5ba5b5a2ea91b4a3f6b6ce1f6d859c39782479981df292d2a708a593430b2b2a893648481c0d5e0d48d40447aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dd29a624afaba04e8c6a338011911774

SHA1
d07d5c56100f88720b4e130c6d011d1715fbe661

SHA256
d37e054313735b7d69e1d54544d349cf660d5d4f7f3039873c0a727c3ac261be

SHA512
a6add3a34bb1b7225de325e5b071fd53d90b02c6e10be922ec3ee21bad35141a9672fe1a2c29aee95d57298c9ddbaa0327fc181faf676253dcfa71591d0ef6a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a1c84a8436e99bb3089c9f096321c20d

SHA1
bf58914bf3a63b98e97cb01f0c38ce6c205618fc

SHA256
042d66d56ceb538291aa0333ff060f4794135349ba33e04e145ab09770d76e90

SHA512
09f84e20ff78cd66698dc812fc871785832b2a443ce82af16c49a8945399a9341979b472c6f54d693a42a111a28a64f39573eb315e77b569d8033a16307f3cdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
23d3c35497e9401a2fc3edbff42668b6

SHA1
a3738de4438fef526e5584030a324769c8515b3f

SHA256
3bcfa8ecbfe1022ac666e9cc1f4a54d9f08fd0287baec32968b7a8e17a2387df

SHA512
3a313def3174b04c7780b686bd8971996d8a26b23609d48e7ca6de7e5f709e7a045091faccd503a24fbbdfc6f40ec317bb871ffb38bbc27254403c04c6650f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
e96cb814cf3b520b8c8b88bfd1c21edf

SHA1
aa8d7cfe363af560536957b99973d7bb9e9939eb

SHA256
c2712f0a3767340754bd65d5b428f88bc8f1db60b4694a1bc64c251d05abbe5a

SHA512
4290b5f7f309e187c4c55e57577445e601363a7164dbb263a2e0feb9d9db2fab8df0a6ddd42af36ee80e44a108429e540991a3677b6715f630c480585cba9a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
e05e24b799684ac586a9d95b5231899f

SHA1
910c4b9525b19f9894d44fe6acb08553d0ca2896

SHA256
d72ad9bb680b3845d73f9ab1cc99cc334c31572b9dcab3d650359cbc33079946

SHA512
1971b7cb069cb1c7111bdaab474bf6f9b6df666cf7a441339f0de6474de352fa01011c90c7013007ca15c167621794f7510157723a5902ed24aa3b8c8d64401c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
1ee634981fa0834f754308b8f2b55096

SHA1
23e2c1cad587b0d27af553b62c902da1caf55cd6

SHA256
1f22681bd6fac48f439b0ca0d9baefb36869e4380147a11941c811f64885759a

SHA512
5cfe7dce9e7deaee309958ff9d88118fd4cddf3215e3ff46a19b8a36d42457b8a472d62feb303eb0480f29584b7fd8da285068877005a55c2e0616d7f833ee23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
f1ce9d1ee7229156e1cf24c7dd81d706

SHA1
f138eb8b5be7bd9da81d77fa8ee4f53ca70c5caa

SHA256
fbb425249b4c7937f58936d92cd82842d07dd613134c7b6f6a7d87fc31409bad

SHA512
4eb432c73769e33add713b7ee537e9dd8995a1b46ad8e6da4f6d93815797319e2f39a39fff56712541de98c578f03b73fce2605074742d2ef0cec72803923adc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
6867871b8a879138159c84dd9daa1681

SHA1
5ad664e9d139f65b2c47af486a76e98b89d67103

SHA256
a7462ba8f2f14be45d3246f9f863b90f17435feb1babb109c8c6f33c0fbcd1a9

SHA512
d35db37c21112f60ddb7957d6bb74024c9479943929a03a95b3f75b19b04350dc80e2649aa859d28d69f3d2e27666b025b949a5e706e49669958eaeaae6815b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
908e18db2c5028510a7dfb5f82f38e3d

SHA1
59c186922e39d1404b4c67d0f35e865d6c6e3c50

SHA256
facd93cca58a4f85a60d997564273d2c72eaf8a1eaae3458bf701df56a43396a

SHA512
f432456158ec24aa0f5bb04f984efca7a315b6b9e9bd5444d65c9780a9a0eb6bbd2eb932f72c3687463a0114f54828d2bec0bf8b83e40dd1a2c10ee73523b558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
0a67172d1b91bb8cfdbdf56341dad75a

SHA1
27a4e2563c1659b742c24ae9338ade461eaa07f5

SHA256
2aceb3c6fd2e0b0812b30bb7f46e2ee42b218c8115d9ee967c763efcdbff61b1

SHA512
f1729015c6ffcaf0a8ce0d12b10b6225a1989e474674df98b32ad7776b32df606aa923f322cf0020254c80015febcd196158870db00313594b09af77fd3dfcbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
12782ccaeeafbc537af634b4218132d7

SHA1
979591a459f9e8e77f9a3051749fe5f6e46c589c

SHA256
cfc8c649316336b341a79474cd41be0df8f2dcc7cf62e69480d1267d5a358567

SHA512
6c596d20e6de41aad82fb37d58cf09cf46c2522c9035695ca09cf8b04a9921aa2118b0bc5185349c5551a4f20b10aa103dd68ea3f126d7b455096284412025e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
165KB

MD5
db38e3d4fea76215cbe1da411cf48788

SHA1
e73a28cbb92c36358690f94839c0d04062bf9300

SHA256
4009b4ee11e791312275f5821b89efdf587686894dbac1a9236f2cd7f6ea2ec0

SHA512
fa08139525c25bde84ac7824af1b03a44a68b6a9af54a5e25801e7942412f1f439ac7359fd67da64dca1fd9a8cb0bad4a00e680aa32b9340800f87a5d785aad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
5c9b1ee7aad8d5d71417577c3bb4f4f1

SHA1
7d4432e36821b9d7f8d1cbaa0be54b938d1ea54b

SHA256
ce66b3996bc699e03ce802ed87dc5204f3dd027432ee4011717da1ff0ea885ad

SHA512
5ae5393ce46faf6ac6c8cfdaf49fdc00efa0903af093d57c8834b8aacfad82a33dcf0271f8d1574fe05cb0539b0c27da6d2c76ddd5f397b7bccd1d6a249c6b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
0274f3e5b2540dd995b0879f8646e858

SHA1
c66e5fbfa19709e8865a4e78a4ded7ee66d10684

SHA256
7d3bacde6a47abd5bdd53a887053c503de83ce5cbe4d16332f62899964cbee4a

SHA512
f4ac15e3bc59d6437ad2d48ddd52d7efdeef755ece8c2fd1e4b89ee3bb280c16a4f122ab4da9f735d570beebc2c55f698d59382f2f999ea1f04539501a5f44b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582844.TMP

Filesize
106KB

MD5
eec9fdccbd25b0a5ab5b9c1365e75016

SHA1
5505cffcf39bd45655af59f21646d358b766e948

SHA256
1a12caf6348bd2e6e8f1dd3de9cee262088b6ba0377008d9ce75d47935d4b3d2

SHA512
9e299dbebf4509b2433eeb4ff2199eacd042c7e3d3641ea439e938f978fa475c33f526ee520d84df0b9dcc727a5cc2cc12f8dedfe72049a388e3f49a1caf5a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx1951.tmp\LangDLL.dll

Filesize
8KB

MD5
a342d5a613dcf7e57e1f1a1bd4dda897

SHA1
5448bacb7ae79fc1a35624efd130be31ad914ed9

SHA256
58d4aec72eed0f5bfc6d0a292903a4019f406c00f5017ec29831ae35b108a72d

SHA512
5c9d3976cda336f59720584b2e5ade882a956485033ad14ce2038b04388f19daf2a379ef537ee327d36ddc24984d6fc3be4d51f75f73fcb62c1f214561c45b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx1951.tmp\System.dll

Filesize
25KB

MD5
a6797f5ba3cc8c13da1c4c374bee9788

SHA1
6e085737a7daf91a2536ae38356bb1786e310469

SHA256
0182ffbba0cc909677cdd00654feae5e35ee047e7c7b094f3b5b320cbed21aaa

SHA512
da5f8eb85faafb26674e31bdfa2c5d8f2e83fef5f4bf1a14aede4fe36305cdd39c0394df65967f85d33fba91a9c083f1c12145bc7a1b4310e89adf93e366ac1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx1951.tmp\nsDialogs.dll

Filesize
14KB

MD5
7e1708ebf215276eca7284f19ef12c06

SHA1
d9e10da2c0cee2ed5f05ceb550c00a8bdc56518c

SHA256
4401d9c3cadb5845e0e899e3f7ef325e2f02cd83a982331acef193fed20ab7e5

SHA512
4e7aa02cee85184a8362f2f52d926de318a3c2cf3b8beaed47a1c0f975c5970b9f922996ca584d450c6b165654f2901c4c3615c2e317c3cf0ccfe007e686a262

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json.tmp

Filesize
29KB

MD5
8b18a4e9dfea85e9449875ca0c12c297

SHA1
9ab348679024f700e6b2df852b5eb9e85a482ff4

SHA256
2059de7bd2764169115f50f1e7e5f41229577a976649fcdea256021161316e07

SHA512
3bae53c0d132822cf4a1cf41cdba7baaa79400766a4a07da98487db64503ba6917145ae1ce66a72036d4779588c53bfb05cc228339d1f8397280800175dfa736

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
d3d67f8307de3804780d0689dd527db0

SHA1
69f01794adde3327ab7f1fe1730f63d4ec56750a

SHA256
8563ae6eb525852a90435336d8467f472ebc24e60f8a3b55cef51f7ba56d6ce9

SHA512
77b7f9c08fda6d8b47bf1cc072cec3dd0b94b41006831b076048d530b2f833c37dfa236c943270cff94006a070cbac636eca2b4eb8447736b9b0a2f8463325d7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
826B

MD5
b5acf20449a24ff4ab0dcd7e90502ca4

SHA1
1613539fdf7716a5b8bf330c629a027fe2e13811

SHA256
79ade037bc7438f7dbed633734e7104da136effe9b037fe479cd878bdf27dc5d

SHA512
798bcd50bb076a91664eadb652733e743804010ff65a9dac4da2a6256c07236f1895a9887d6560299d6cbb5b47648eec83051b6c913714a172dd200dc887ac99

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
bfd02dae974ed391c2443651b9a5b842

SHA1
dabb44fda2a4fad51fa35f2f7fdacf1cccf92bcd

SHA256
969cd24ca0bf54c32afe01a380f89a2e5855bc9d031c1e1afb613e87ba567d34

SHA512
ff5e66ce84db1831589db35ea0916252feb519a243b26cba631ab6ecec67fa009249eb3c0756c9a5c60ddf363d175f492eb43e86c57b5ca4cdfcf5ae3949f814

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
e42663c26919ba5259056243513b5d70

SHA1
0e3f762fb403513b33f299c0423ec950484f9a96

SHA256
8d19fe540046bbd1f6e34afe6af1b6cedb98e873b1e2885c894e5b7fe3627163

SHA512
52115b05fc6bf938c44ff2bc2e7ad97b71458dd9beb19bf4ce7179ddc9e71a0ecb35be0548c5c05b73ada6b274100d9c04f83f8f577dd3c549c77ef8955b4943

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
58a475618e19f55d556818ad8ba2ae11

SHA1
c0769db8796cf5d3b4ea00018daa7cce1494ffd1

SHA256
ce80fa0936bf06ae2808968504f67ae7a035ebc819e82461c710bf0379dc291b

SHA512
e80e4ee0dd430241b953e51964fa65dd967370bc2a713c2f762a4799572aeb6d2519d333ec6b464811ddf3c2fc10608ffce76fa513068f647b615147d84c6c43

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
2b60849581f23ba8f321ed4d32839036

SHA1
e0571859d9929bf509e31f522629f204830b74c5

SHA256
e3db038c98bf9400faf79f73f1b3dc9f64f43dbcb7b75637582d74ddacbbdc32

SHA512
8042f257c222b0b6d372dd05b362b80091115683bc11bd18846f08e06bb51561fbd0591bcad4b06c3709381605e1ad22067e3d5bc28f20b6300c5eb8f06d822c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
c3dfae7bd35fe24b188a7af095a94994

SHA1
dc8d92c294e39a4cf9b9c2862d0635fe10529b4e

SHA256
15de52ebfa5ec5e24bcdc2b7ff40199f4bad23cbb593fe76e9e81c1d1ffd6a76

SHA512
ff21658a09ab342e94aafe7e7a4cf917b6fff25c30826ba15b6de9574a75f91d4948dd6c0b487358169fdbb6d6c0cfd992c0c066293d6ff44fbe9f924113b6d4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
795755e7676762a85c279de56f1dc0a2

SHA1
1aa765735d132e497a980b886eadd2cef9b20b71

SHA256
2462f0e42bd2bcd208b2ecea446883ce15c9eb714540a3999c3f4b7b77baf40b

SHA512
5c77dfcde41c2152d8ec31a2773c22d67ff8b403ffcca29c87bcea9291649d59ffb13f37657c1167edd3f43e81774b6537e8d7129a82fcb4a4ed654938faa520

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
490830c5ae23b553e9970aff9a2e7f19

SHA1
56251b21da71071b0c47be6aa1337de8e9862fba

SHA256
f2ad4d383649c54a0972649888eaa6512aca62806c529ea2da833be0c4387572

SHA512
5a18a19a9f673bf20156b81389c1a2254cfe1ebf69a204ca138202fbdb9818ee389f0860386744c05d899f5052749785fad9490c4c8ecb12ca014ae6bc910fd6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
2d0ddf0ac85a7e41e1e207d6e87c7ec8

SHA1
f03ab5c424959ccbee2558b87eb95c6054b9b023

SHA256
0e5b59380190b1ef11ba5db550f367403db57c10a49edf604cc71a2ef00e433c

SHA512
5c27a2dc724ea4ed732ee577d46eb43a9394821683cbdf80b70d472f40ff3e0350471e0e8b6e3e0bdda5e3695da1b789b068472793e2db8bb8ab73fade6bedc1

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
471B

MD5
11cc7705bda8ba4de266cf45a8c6ce6f

SHA1
ba43580b9402fe6873f4851f51b27cd225f8d214

SHA256
50224627a59ad596adfbbd90d22adbf83118f80ba41b6448aa287f30c4dbfcc0

SHA512
306cdcd8611ad652aaf750959664ca0130b72a6237d00ee55899daf26a1cb95f3ce690f4c93fde19d60ba797f2ac7bd59cf379e10c9f7d49cd745e60655df78a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
96KB

MD5
bd46c1314616693cafbb42bdd084eef1

SHA1
284b7c455816e1441343de360af9ffeff4b09c99

SHA256
622f16f289907df78f8210ee230fb448361286181c6abbdd2bee5186cfbb7d16

SHA512
5c203e779a93f15f07d1cc17deb4e6146c0a92191240abbb85148a9e121c795db03d98f718b42a9bc1b099ca1c4deceb367d02fd2d1a1705ff21e9dd0aaf2010

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.2MB

MD5
79e1adc6b58755472c26b625ae1be29f

SHA1
aff12e9387bb9231a9f3c00caa9b963266b59127

SHA256
919c69fa13d222c166265a4325da32bbaa3b0af8d517d121dfa90cad43a65a05

SHA512
cfe705260c28a120355c0e78ecda2c67645462f592c93dc617fd0a08e2d678e49fa7f97280853b6853044c54ff7ac7aee417bdb87f3b9eaee83d339b1007edc5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
9.5MB

MD5
80d95585c6d799c475903d6f84393366

SHA1
296d16cf9ed30170b22c22ac5d65dc2b12b2e488

SHA256
9a25e18a12e34235abe46879594e62bc4044657f2e5a915063cf3010efcd5fcb

SHA512
14afbc3789640c8690f1ee7d2cc7cbd1cd77e809695264085e1ddd7dac37922027f0f47738c131844341590f0408ca28fe53992aad76284dc839ac92c4a7319d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc

Filesize
511B

MD5
ad2d90351718f4617d04bda0c7fb77ce

SHA1
9d1beb30e95f48a24748c41371de64c2ad117825

SHA256
643450c19b590a7cd98ae0b2ad39dc99d721da737a9c64300e1e671e7e1b4fb3

SHA512
8bd399ff10836bb93285a95321d0ce97198c8bedecb6f2f5b92cf0e72db6f5fe38838afc24e1f0e4b5d0eeedce017bcbd0b16a203f6ec623d2378fd91719ac12

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
25.3MB

MD5
e403dfaf68b8537495e25c09389c518d

SHA1
9d96361c667e1c8c56a8cda5c2879ef4041434af

SHA256
a2e7f4c226cdbed7d67223d18142ad187ed397ee854fbe20dace6aca8a3aa4a4

SHA512
1f4001c082824213e73a66735f17ad332253c17d75983b3126fd6cdd13495611caeebde18719b38237cfd8c1335fcd6b04c766fdcc088f908137d2d5881e8d8a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
02cc492b31cb1d94a7b6a928761cb8fa

SHA1
64ae34ee7f3bcd2e9df2bf58142bcd8f409bd975

SHA256
c62b9c56f4ee23666308888a0dca00e651075eea6f96d3c783ec2037ce4acf1c

SHA512
d312a101171e70a0875be3dfd767d0e5778ef25864a7f48c53408b48b1b5a45b36d5cb68f55d91b00237133ed2b91a362d6fd4282582dae33b189f148b02b119

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
02cc492b31cb1d94a7b6a928761cb8fa

SHA1
64ae34ee7f3bcd2e9df2bf58142bcd8f409bd975

SHA256
c62b9c56f4ee23666308888a0dca00e651075eea6f96d3c783ec2037ce4acf1c

SHA512
d312a101171e70a0875be3dfd767d0e5778ef25864a7f48c53408b48b1b5a45b36d5cb68f55d91b00237133ed2b91a362d6fd4282582dae33b189f148b02b119

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
02cc492b31cb1d94a7b6a928761cb8fa

SHA1
64ae34ee7f3bcd2e9df2bf58142bcd8f409bd975

SHA256
c62b9c56f4ee23666308888a0dca00e651075eea6f96d3c783ec2037ce4acf1c

SHA512
d312a101171e70a0875be3dfd767d0e5778ef25864a7f48c53408b48b1b5a45b36d5cb68f55d91b00237133ed2b91a362d6fd4282582dae33b189f148b02b119

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
02cc492b31cb1d94a7b6a928761cb8fa

SHA1
64ae34ee7f3bcd2e9df2bf58142bcd8f409bd975

SHA256
c62b9c56f4ee23666308888a0dca00e651075eea6f96d3c783ec2037ce4acf1c

SHA512
d312a101171e70a0875be3dfd767d0e5778ef25864a7f48c53408b48b1b5a45b36d5cb68f55d91b00237133ed2b91a362d6fd4282582dae33b189f148b02b119

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
02cc492b31cb1d94a7b6a928761cb8fa

SHA1
64ae34ee7f3bcd2e9df2bf58142bcd8f409bd975

SHA256
c62b9c56f4ee23666308888a0dca00e651075eea6f96d3c783ec2037ce4acf1c

SHA512
d312a101171e70a0875be3dfd767d0e5778ef25864a7f48c53408b48b1b5a45b36d5cb68f55d91b00237133ed2b91a362d6fd4282582dae33b189f148b02b119

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
02cc492b31cb1d94a7b6a928761cb8fa

SHA1
64ae34ee7f3bcd2e9df2bf58142bcd8f409bd975

SHA256
c62b9c56f4ee23666308888a0dca00e651075eea6f96d3c783ec2037ce4acf1c

SHA512
d312a101171e70a0875be3dfd767d0e5778ef25864a7f48c53408b48b1b5a45b36d5cb68f55d91b00237133ed2b91a362d6fd4282582dae33b189f148b02b119

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
44KB

MD5
bcfe7882860143a480bc3311c6aae858

SHA1
b1d429cfbed0130c1ccfb65519ee0e89eba18cb0

SHA256
2cc69d2db26cf97b11b54643076a2e458962fa8404f768dd6702dd306b39f72c

SHA512
4ae02c015dd693e033f80dc1e762a440e91942cedff961ff5818d44af82b8303de7873c91ec150d3b97f4856d12d9ac0c36c5d23cad55e70cf397a34a8f69bb3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
44KB

MD5
bcfe7882860143a480bc3311c6aae858

SHA1
b1d429cfbed0130c1ccfb65519ee0e89eba18cb0

SHA256
2cc69d2db26cf97b11b54643076a2e458962fa8404f768dd6702dd306b39f72c

SHA512
4ae02c015dd693e033f80dc1e762a440e91942cedff961ff5818d44af82b8303de7873c91ec150d3b97f4856d12d9ac0c36c5d23cad55e70cf397a34a8f69bb3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
44KB

MD5
bcfe7882860143a480bc3311c6aae858

SHA1
b1d429cfbed0130c1ccfb65519ee0e89eba18cb0

SHA256
2cc69d2db26cf97b11b54643076a2e458962fa8404f768dd6702dd306b39f72c

SHA512
4ae02c015dd693e033f80dc1e762a440e91942cedff961ff5818d44af82b8303de7873c91ec150d3b97f4856d12d9ac0c36c5d23cad55e70cf397a34a8f69bb3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
44KB

MD5
bcfe7882860143a480bc3311c6aae858

SHA1
b1d429cfbed0130c1ccfb65519ee0e89eba18cb0

SHA256
2cc69d2db26cf97b11b54643076a2e458962fa8404f768dd6702dd306b39f72c

SHA512
4ae02c015dd693e033f80dc1e762a440e91942cedff961ff5818d44af82b8303de7873c91ec150d3b97f4856d12d9ac0c36c5d23cad55e70cf397a34a8f69bb3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
44KB

MD5
bcfe7882860143a480bc3311c6aae858

SHA1
b1d429cfbed0130c1ccfb65519ee0e89eba18cb0

SHA256
2cc69d2db26cf97b11b54643076a2e458962fa8404f768dd6702dd306b39f72c

SHA512
4ae02c015dd693e033f80dc1e762a440e91942cedff961ff5818d44af82b8303de7873c91ec150d3b97f4856d12d9ac0c36c5d23cad55e70cf397a34a8f69bb3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
4f3251a55f692e8e0f2e2a48fea1f5d7

SHA1
5c4a8c8996bedd3045fa1339fa9123297f174e5e

SHA256
db984c0065b7c88bf198466f8b6b39ce0e508548f8efbbca71dd6a8804513464

SHA512
6ee31f73c3890d7fc00cd3b89ca1c27d0843381cdaa3e62f0581a3fb1a438c89554670c5bb0c574ac400e5b5a75b798990340889ce46607a33acdd45353fc1aa

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
4f3251a55f692e8e0f2e2a48fea1f5d7

SHA1
5c4a8c8996bedd3045fa1339fa9123297f174e5e

SHA256
db984c0065b7c88bf198466f8b6b39ce0e508548f8efbbca71dd6a8804513464

SHA512
6ee31f73c3890d7fc00cd3b89ca1c27d0843381cdaa3e62f0581a3fb1a438c89554670c5bb0c574ac400e5b5a75b798990340889ce46607a33acdd45353fc1aa

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
4f3251a55f692e8e0f2e2a48fea1f5d7

SHA1
5c4a8c8996bedd3045fa1339fa9123297f174e5e

SHA256
db984c0065b7c88bf198466f8b6b39ce0e508548f8efbbca71dd6a8804513464

SHA512
6ee31f73c3890d7fc00cd3b89ca1c27d0843381cdaa3e62f0581a3fb1a438c89554670c5bb0c574ac400e5b5a75b798990340889ce46607a33acdd45353fc1aa

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
4f3251a55f692e8e0f2e2a48fea1f5d7

SHA1
5c4a8c8996bedd3045fa1339fa9123297f174e5e

SHA256
db984c0065b7c88bf198466f8b6b39ce0e508548f8efbbca71dd6a8804513464

SHA512
6ee31f73c3890d7fc00cd3b89ca1c27d0843381cdaa3e62f0581a3fb1a438c89554670c5bb0c574ac400e5b5a75b798990340889ce46607a33acdd45353fc1aa

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
4f3251a55f692e8e0f2e2a48fea1f5d7

SHA1
5c4a8c8996bedd3045fa1339fa9123297f174e5e

SHA256
db984c0065b7c88bf198466f8b6b39ce0e508548f8efbbca71dd6a8804513464

SHA512
6ee31f73c3890d7fc00cd3b89ca1c27d0843381cdaa3e62f0581a3fb1a438c89554670c5bb0c574ac400e5b5a75b798990340889ce46607a33acdd45353fc1aa

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
4f3251a55f692e8e0f2e2a48fea1f5d7

SHA1
5c4a8c8996bedd3045fa1339fa9123297f174e5e

SHA256
db984c0065b7c88bf198466f8b6b39ce0e508548f8efbbca71dd6a8804513464

SHA512
6ee31f73c3890d7fc00cd3b89ca1c27d0843381cdaa3e62f0581a3fb1a438c89554670c5bb0c574ac400e5b5a75b798990340889ce46607a33acdd45353fc1aa

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
4f3251a55f692e8e0f2e2a48fea1f5d7

SHA1
5c4a8c8996bedd3045fa1339fa9123297f174e5e

SHA256
db984c0065b7c88bf198466f8b6b39ce0e508548f8efbbca71dd6a8804513464

SHA512
6ee31f73c3890d7fc00cd3b89ca1c27d0843381cdaa3e62f0581a3fb1a438c89554670c5bb0c574ac400e5b5a75b798990340889ce46607a33acdd45353fc1aa

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
4c026429c5dd3e5ddc955960720b66d5

SHA1
2e09afeb9352178b7441d220acce586b4b2b04e0

SHA256
a59bc877fe0e4299f13a2e1a6869fe0304f230b8023f5f2ad0293cac9fdc959b

SHA512
3ad0ec1ab552411cd4dff56360dc8f6e76226eede707ad1c28ad41443f4f98a540a37d278f6cd089901dd50b705d8ff37549ee8f7621c819438a2e36b24ef4dc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
4c026429c5dd3e5ddc955960720b66d5

SHA1
2e09afeb9352178b7441d220acce586b4b2b04e0

SHA256
a59bc877fe0e4299f13a2e1a6869fe0304f230b8023f5f2ad0293cac9fdc959b

SHA512
3ad0ec1ab552411cd4dff56360dc8f6e76226eede707ad1c28ad41443f4f98a540a37d278f6cd089901dd50b705d8ff37549ee8f7621c819438a2e36b24ef4dc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
4c026429c5dd3e5ddc955960720b66d5

SHA1
2e09afeb9352178b7441d220acce586b4b2b04e0

SHA256
a59bc877fe0e4299f13a2e1a6869fe0304f230b8023f5f2ad0293cac9fdc959b

SHA512
3ad0ec1ab552411cd4dff56360dc8f6e76226eede707ad1c28ad41443f4f98a540a37d278f6cd089901dd50b705d8ff37549ee8f7621c819438a2e36b24ef4dc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
4c026429c5dd3e5ddc955960720b66d5

SHA1
2e09afeb9352178b7441d220acce586b4b2b04e0

SHA256
a59bc877fe0e4299f13a2e1a6869fe0304f230b8023f5f2ad0293cac9fdc959b

SHA512
3ad0ec1ab552411cd4dff56360dc8f6e76226eede707ad1c28ad41443f4f98a540a37d278f6cd089901dd50b705d8ff37549ee8f7621c819438a2e36b24ef4dc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
4c026429c5dd3e5ddc955960720b66d5

SHA1
2e09afeb9352178b7441d220acce586b4b2b04e0

SHA256
a59bc877fe0e4299f13a2e1a6869fe0304f230b8023f5f2ad0293cac9fdc959b

SHA512
3ad0ec1ab552411cd4dff56360dc8f6e76226eede707ad1c28ad41443f4f98a540a37d278f6cd089901dd50b705d8ff37549ee8f7621c819438a2e36b24ef4dc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
16.4MB

MD5
229586b8895f4e3793198543c3a80051

SHA1
1d955e28a7d0088e83ef7fe753d9a222db4a2f3e

SHA256
d9a9bfb86eaf886e3e38a44a3810d68551a1d65cfe4040b57d6662068368731f

SHA512
b555358887252b8c7c14c33c067a742f46b3514634aa6dc091c0cc0e0cdae94781b2feeb1288c8ab1564e2181e666e2120928b12b667aeea30ad3358bc071d71

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
133.8MB

MD5
ce8b754cc3a6baba8fb488876083e136

SHA1
6910a63bde466727db9536516f43608bcf9c4867

SHA256
ace5dd6d629ae5507387f8a57458828ec06e74bdf21a0143c5cadc507bdb247c

SHA512
94c8f992211072232dd67f232aa895dbd3416a2b538f9b4bcd143df3262d42f37c90cfb8325529cd38b9dffbb294f921f8ba391402569791effaf320422adfbb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
133.8MB

MD5
ce8b754cc3a6baba8fb488876083e136

SHA1
6910a63bde466727db9536516f43608bcf9c4867

SHA256
ace5dd6d629ae5507387f8a57458828ec06e74bdf21a0143c5cadc507bdb247c

SHA512
94c8f992211072232dd67f232aa895dbd3416a2b538f9b4bcd143df3262d42f37c90cfb8325529cd38b9dffbb294f921f8ba391402569791effaf320422adfbb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
133.8MB

MD5
ce8b754cc3a6baba8fb488876083e136

SHA1
6910a63bde466727db9536516f43608bcf9c4867

SHA256
ace5dd6d629ae5507387f8a57458828ec06e74bdf21a0143c5cadc507bdb247c

SHA512
94c8f992211072232dd67f232aa895dbd3416a2b538f9b4bcd143df3262d42f37c90cfb8325529cd38b9dffbb294f921f8ba391402569791effaf320422adfbb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
133.8MB

MD5
ce8b754cc3a6baba8fb488876083e136

SHA1
6910a63bde466727db9536516f43608bcf9c4867

SHA256
ace5dd6d629ae5507387f8a57458828ec06e74bdf21a0143c5cadc507bdb247c

SHA512
94c8f992211072232dd67f232aa895dbd3416a2b538f9b4bcd143df3262d42f37c90cfb8325529cd38b9dffbb294f921f8ba391402569791effaf320422adfbb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
133.8MB

MD5
ce8b754cc3a6baba8fb488876083e136

SHA1
6910a63bde466727db9536516f43608bcf9c4867

SHA256
ace5dd6d629ae5507387f8a57458828ec06e74bdf21a0143c5cadc507bdb247c

SHA512
94c8f992211072232dd67f232aa895dbd3416a2b538f9b4bcd143df3262d42f37c90cfb8325529cd38b9dffbb294f921f8ba391402569791effaf320422adfbb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
845B

MD5
c069e0666aa903b99ed472fdc7fa347c

SHA1
67002fd1d2d6b352ffa80c7dd83389ffebd056a8

SHA256
54610f454634e451fd6cf1345df2b98631b8a0fc2416d73a09ec3c50cbc745f0

SHA512
0270e142a1072e09378b05f96d9c037467ac41086cc5e5c6739189d1bb62e6a2c258b2dc333c73eca10b3af6a39fefe3c0535b64c6f48644bed9c3989ffbc121

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.3_ALL.exe

Filesize
91.4MB

MD5
dbb98d806878907c60b2a698cf14794e

SHA1
62fa459f9f05b4cac43c53f915da4a34ea9d007c

SHA256
8f9e526da7d1adaa5c6c7be88412e9e6c7eab9af1b5f080b0d674f5b35f5c4bf

SHA512
d61ea9a516df38d75af58f2432c60d126cf39f522eb3c5749a44fea6e8c1f0a5e45a107b28cf205a884f5428bb80b576c4683083d8886fa80f1999ed8ebdc91a

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.3_ALL.exe

Filesize
91.4MB

MD5
dbb98d806878907c60b2a698cf14794e

SHA1
62fa459f9f05b4cac43c53f915da4a34ea9d007c

SHA256
8f9e526da7d1adaa5c6c7be88412e9e6c7eab9af1b5f080b0d674f5b35f5c4bf

SHA512
d61ea9a516df38d75af58f2432c60d126cf39f522eb3c5749a44fea6e8c1f0a5e45a107b28cf205a884f5428bb80b576c4683083d8886fa80f1999ed8ebdc91a

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.3_ALL.exe

Filesize
91.4MB

MD5
dbb98d806878907c60b2a698cf14794e

SHA1
62fa459f9f05b4cac43c53f915da4a34ea9d007c

SHA256
8f9e526da7d1adaa5c6c7be88412e9e6c7eab9af1b5f080b0d674f5b35f5c4bf

SHA512
d61ea9a516df38d75af58f2432c60d126cf39f522eb3c5749a44fea6e8c1f0a5e45a107b28cf205a884f5428bb80b576c4683083d8886fa80f1999ed8ebdc91a

Download Submit
memory/1744-2583-0x000001902DE00000-0x000001902E128000-memory.dmp

Filesize
3.2MB

Download
memory/1764-1526-0x000002B94C1A0000-0x000002B94C224000-memory.dmp

Filesize
528KB

Download
memory/3916-2380-0x000001FFB0230000-0x000001FFB0558000-memory.dmp

Filesize
3.2MB

Download
memory/4428-1267-0x00007FFB39B70000-0x00007FFB39B71000-memory.dmp

Filesize
4KB

Download
memory/4428-1269-0x00007FFB39EB0000-0x00007FFB39EB1000-memory.dmp

Filesize
4KB

Download
memory/4808-2431-0x0000026689D20000-0x000002668A048000-memory.dmp

Filesize
3.2MB

Download
memory/4936-653-0x0000000140000000-0x0000000140066000-memory.dmp

Filesize
408KB

Download
memory/4936-863-0x0000000140000000-0x0000000140066000-memory.dmp

Filesize
408KB

Download
memory/4936-832-0x0000000140000000-0x0000000140066000-memory.dmp

Filesize
408KB

Download
memory/4936-655-0x00007FFB2DD60000-0x00007FFB2DD6B000-memory.dmp

Filesize
44KB

Download
memory/4936-654-0x00007FFB2DD70000-0x00007FFB2DD7F000-memory.dmp

Filesize
60KB

Download
memory/4936-626-0x0000000140000000-0x0000000140066000-memory.dmp

Filesize
408KB

Download
memory/4936-1064-0x0000000140000000-0x0000000140066000-memory.dmp

Filesize
408KB

Download
memory/4936-1024-0x0000000140000000-0x0000000140066000-memory.dmp

Filesize
408KB

Download
memory/4936-1026-0x00007FFB267C0000-0x00007FFB267CD000-memory.dmp

Filesize
52KB

Download
memory/5288-2584-0x000001DC0F7C0000-0x000001DC0FAE8000-memory.dmp

Filesize
3.2MB

Download
memory/6036-3148-0x000001E368F50000-0x000001E369278000-memory.dmp

Filesize
3.2MB

Download