eb5e791918b64c9c63ac862621aa0dd51152d904d1288310f696290e059c5c35

Analysis

max time kernel
938s
max time network
940s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
10-06-2023 04:54

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Intel-Driver-and-Support-Assistant-Installer.exe
Size

6.0MB
MD5

ab8a502a6497a77cc39eae48869f59e9
SHA1

0d858d54940bf3621458ded29b3ae2932ca6f9f8
SHA256

eb5e791918b64c9c63ac862621aa0dd51152d904d1288310f696290e059c5c35
SHA512

a819c3047a634b91436b06630a59243772a07afa134e686a5574b6b7d8a46a0d900d7fe7f45b716a24b63dfd0ff01d447c4f16fe635440e1c9061176b513de17
SSDEEP

196608:DTO/17/yl3y+muA/b1MI3/QRw+tzTsml/6WifCnZ:nmlHb1MIPQC2z3lmyZ

Score

8^/10

evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Windows directory 3 IoCs

Processes:

taskmgr.exeLogonUI.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\421858948\767729314.pri	LogonUI.exe

Executes dropped EXE 39 IoCs

Processes:

Intel-Driver-and-Support-Assistant-Installer.exetorbrowser-install-win64-12.0.7_ALL.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exetor.exefirefox.exefirefox.exeobfs4proxy.exeobfs4proxy.exeobfs4proxy.exeobfs4proxy.exeobfs4proxy.exeobfs4proxy.exesnowflake-client.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

pid	process
4112	Intel-Driver-and-Support-Assistant-Installer.exe
4632	torbrowser-install-win64-12.0.7_ALL.exe
3848	firefox.exe
3416	firefox.exe
2072	firefox.exe
1196	firefox.exe
4524	firefox.exe
2372	firefox.exe
960	firefox.exe
2296	firefox.exe
2764	firefox.exe
3404	firefox.exe
4304	firefox.exe
3704	firefox.exe
5024	firefox.exe
4752	firefox.exe
2636	firefox.exe
3888	firefox.exe
4632	firefox.exe
3536	tor.exe
4728	firefox.exe
4176	firefox.exe
2768	obfs4proxy.exe
3664	obfs4proxy.exe
2752	obfs4proxy.exe
4544	obfs4proxy.exe
828	obfs4proxy.exe
1948	obfs4proxy.exe
724	snowflake-client.exe
1612	firefox.exe
1048	firefox.exe
5116	firefox.exe
4880	firefox.exe
364	firefox.exe
400	firefox.exe
3732	firefox.exe
4720	firefox.exe
4160	firefox.exe
5048	firefox.exe

Loads dropped DLL 64 IoCs

Processes:

pid	process
4112	Intel-Driver-and-Support-Assistant-Installer.exe
4112	Intel-Driver-and-Support-Assistant-Installer.exe
4112	Intel-Driver-and-Support-Assistant-Installer.exe
4112	Intel-Driver-and-Support-Assistant-Installer.exe
4112	Intel-Driver-and-Support-Assistant-Installer.exe
4632	torbrowser-install-win64-12.0.7_ALL.exe
4632	torbrowser-install-win64-12.0.7_ALL.exe
4632	torbrowser-install-win64-12.0.7_ALL.exe
3848	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
2072	firefox.exe
1196	firefox.exe
1196	firefox.exe
1196	firefox.exe
1196	firefox.exe
1196	firefox.exe
1196	firefox.exe
1196	firefox.exe
1196	firefox.exe
4524	firefox.exe
4524	firefox.exe
4524	firefox.exe
4524	firefox.exe
2372	firefox.exe
2372	firefox.exe
2372	firefox.exe
2372	firefox.exe
960	firefox.exe
960	firefox.exe
960	firefox.exe
960	firefox.exe
2296	firefox.exe
2296	firefox.exe
2296	firefox.exe
2296	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
3404	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2840 4112 WerFault.exe Intel-Driver-and-Support-Assistant-Installer.exe

pid	pid_target	process	target process
2840	4112	WerFault.exe	Intel-Driver-and-Support-Assistant-Installer.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exetaskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133308465086985617"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exetaskmgr.exefirefox.exe

pid	process
4396	chrome.exe
4396	chrome.exe
2256	chrome.exe
2256	chrome.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
1196	firefox.exe
1196	firefox.exe
1196	firefox.exe
1196	firefox.exe
1196	firefox.exe
1196	firefox.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

3520 taskmgr.exe

pid	process
3520	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe
3520	taskmgr.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

firefox.exefirefox.exefirefox.exefirefox.exeLogonUI.exe

pid	process
1196	firefox.exe
3416	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
4304	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
3536	LogonUI.exe
3536	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Intel-Driver-and-Support-Assistant-Installer.exechrome.exe

description	pid	process	target process
PID 3732 wrote to memory of 4112	3732	Intel-Driver-and-Support-Assistant-Installer.exe	Intel-Driver-and-Support-Assistant-Installer.exe
PID 3732 wrote to memory of 4112	3732	Intel-Driver-and-Support-Assistant-Installer.exe	Intel-Driver-and-Support-Assistant-Installer.exe
PID 3732 wrote to memory of 4112	3732	Intel-Driver-and-Support-Assistant-Installer.exe	Intel-Driver-and-Support-Assistant-Installer.exe
PID 4396 wrote to memory of 4440	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 4440	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 2808	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 4528	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 4528	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3100	4396	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3732

C:\Windows\Temp\{BC7D5A72-2E19-4177-B920-9261F5C9EB49}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
"C:\Windows\Temp\{BC7D5A72-2E19-4177-B920-9261F5C9EB49}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.filehandle.attached=524 -burn.filehandle.self=532
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 1380
3⤵
- Program crash
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa299a9758,0x7ffa299a9768,0x7ffa299a9778
2⤵
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:4528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:2
2⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:1788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4696 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3008 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3588 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4732 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4736 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4760 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4744 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3068 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:3312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5536 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5816 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:1364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5092 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4924 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3752 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:8
2⤵
PID:3508

C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.7_ALL.exe
"C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.7_ALL.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5380 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4708 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4964 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=2496 --field-trial-handle=1724,i,6836712909728503050,16953922886044407497,131072 /prefetch:1
2⤵
PID:1240

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3212

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3848

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
2⤵
- Checks whether UAC is enabled
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:3416

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.0.1794437397\958354359" -parentBuildID 20230702080101 -prefsHandle 1736 -prefMapHandle 1776 -prefsLen 22988 -prefMapSize 228408 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 3416 gpu
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2372

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.1.523992695\1668078060" -childID 1 -isForBrowser -prefsHandle 2268 -prefMapHandle 2276 -prefsLen 24442 -prefMapSize 228408 -jsInitHandle 800 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 3416 tab
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:960

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.2.537889591\416604656" -childID 2 -isForBrowser -prefsHandle 2428 -prefMapHandle 1980 -prefsLen 25494 -prefMapSize 228408 -jsInitHandle 800 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 3416 tab
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2296

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.3.1335506089\1046413783" -childID 3 -isForBrowser -prefsHandle 2696 -prefMapHandle 2904 -prefsLen 25571 -prefMapSize 228408 -jsInitHandle 800 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 3416 tab
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2764

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2788

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2072

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1196.0.1653083435\854137628" -parentBuildID 20230702080101 -prefsHandle 1336 -prefMapHandle 1328 -prefsLen 22300 -prefMapSize 228268 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1196 gpu
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4524

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3404

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3520

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Checks whether UAC is enabled
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:4304

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.0.221459981\311551852" -parentBuildID 20230702080101 -prefsHandle 1660 -prefMapHandle 1868 -prefsLen 22988 -prefMapSize 228408 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4304 gpu
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3704

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.1.87573074\1640998821" -childID 1 -isForBrowser -prefsHandle 2148 -prefMapHandle 2152 -prefsLen 25387 -prefMapSize 228408 -jsInitHandle 1112 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4304 tab
2⤵
- Executes dropped EXE
PID:5024

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.2.879516979\1602339781" -childID 2 -isForBrowser -prefsHandle 2356 -prefMapHandle 2372 -prefsLen 25494 -prefMapSize 228408 -jsInitHandle 1112 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4304 tab
2⤵
- Executes dropped EXE
PID:4752

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.3.950641907\1768345564" -childID 3 -isForBrowser -prefsHandle 2364 -prefMapHandle 2376 -prefsLen 25571 -prefMapSize 228408 -jsInitHandle 1112 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4304 tab
2⤵
- Executes dropped EXE
PID:2636

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.4.494675667\620702562" -parentBuildID 20230702080101 -prefsHandle 3124 -prefMapHandle 2776 -prefsLen 26533 -prefMapSize 228408 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4304 rdd
2⤵
- Executes dropped EXE
PID:3888

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.5.289501622\186395917" -childID 4 -isForBrowser -prefsHandle 3396 -prefMapHandle 3400 -prefsLen 27456 -prefMapSize 228408 -jsInitHandle 1112 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4304 tab
2⤵
- Executes dropped EXE
PID:4632

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" HashedControlPassword 16:7ec7c9ff5eb7544960cf1a5521a6f586e096aa927a26bd60f80982965d +__ControlPort 9151 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 4304 DisableNetwork 1
2⤵
- Executes dropped EXE
PID:3536

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
3⤵
- Executes dropped EXE
PID:828

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
3⤵
- Executes dropped EXE
PID:1948

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\snowflake-client.exe
TorBrowser\Tor\PluggableTransports\snowflake-client.exe
3⤵
- Executes dropped EXE
PID:724

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.6.1360406650\88736852" -childID 5 -isForBrowser -prefsHandle 1460 -prefMapHandle 1456 -prefsLen 29080 -prefMapSize 228408 -jsInitHandle 1112 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4304 tab
2⤵
- Executes dropped EXE
PID:4728

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.7.849109841\559504653" -childID 6 -isForBrowser -prefsHandle 3936 -prefMapHandle 3880 -prefsLen 29080 -prefMapSize 228408 -jsInitHandle 1112 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4304 tab
2⤵
- Executes dropped EXE
PID:4176

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe"
2⤵
- Executes dropped EXE
PID:2768

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe"
2⤵
- Executes dropped EXE
PID:3664

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe"
2⤵
- Executes dropped EXE
PID:2752

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe"
2⤵
- Executes dropped EXE
PID:4544

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
PID:1612

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
2⤵
- Checks whether UAC is enabled
- Executes dropped EXE
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1048.0.300011635\1890479673" -parentBuildID 20230702080101 -prefsHandle 1336 -prefMapHandle 1320 -prefsLen 22341 -prefMapSize 228268 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1048 gpu
3⤵
- Executes dropped EXE
PID:5116

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1048.1.968424106\383511575" -childID 1 -isForBrowser -prefsHandle 2556 -prefMapHandle 2548 -prefsLen 24990 -prefMapSize 228268 -jsInitHandle 1124 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1048 tab
3⤵
- Executes dropped EXE
PID:4880

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1048.2.119860965\1854283079" -childID 2 -isForBrowser -prefsHandle 1864 -prefMapHandle 1832 -prefsLen 26057 -prefMapSize 228268 -jsInitHandle 1124 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1048 tab
3⤵
- Executes dropped EXE
PID:364

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1048.3.1173501580\858039448" -parentBuildID 20230702080101 -prefsHandle 2852 -prefMapHandle 2016 -prefsLen 27019 -prefMapSize 228268 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1048 rdd
3⤵
- Executes dropped EXE
PID:400

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1048.4.368056117\649711498" -childID 3 -isForBrowser -prefsHandle 2772 -prefMapHandle 2776 -prefsLen 27087 -prefMapSize 228268 -jsInitHandle 1124 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1048 tab
3⤵
- Executes dropped EXE
PID:3732

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1048.5.1328521314\1542686677" -childID 4 -isForBrowser -prefsHandle 2728 -prefMapHandle 3256 -prefsLen 27319 -prefMapSize 228268 -jsInitHandle 1124 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1048 tab
3⤵
- Executes dropped EXE
PID:4720

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1048.6.1883774120\1676306606" -childID 5 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 28424 -prefMapSize 228268 -jsInitHandle 1124 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1048 tab
3⤵
- Executes dropped EXE
PID:4160

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1048.7.1559394097\556046371" -childID 6 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 28424 -prefMapSize 228268 -jsInitHandle 1124 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702080101 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1048 tab
3⤵
- Executes dropped EXE
PID:5048

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a8c055 /state1:0x41c64e6d
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3536

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
77af0c2725f55472623f56cd7042b274

SHA1
488988f71b9182d8fb5e03bec94a7db8d900fb1e

SHA256
40024199c5f344214bd687613be88c3e5d6a2ed9430fddcdf0977ea0731a503e

SHA512
329d6406f5d74f6979eded28c123c9639184ccc847d0604eed00cbd0f26ec038608b07a29302fb2112cd4394ed04d4bf002fa252489bceabd23ec9d455cc7662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
ebfcbc26c754b1412927ee2b3d315610

SHA1
df5d5323279edf833f589844ae7e6fb7b9ca5e31

SHA256
3a49c1369288adcbec60eb3a65851979b0abbeab120cfec909dbea90f8779d59

SHA512
2d7733e289f79dd05a490ebec1a0de58a5d39903f96b205cb64570a224146301a9ebc42c3fa6254264014ce8dfc3cd78239db9605249bb1e589d94c58c1984bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
0268735d46ca98524a993f7afde86659

SHA1
a939516909021b1394195ba3ebc014fb323da105

SHA256
68a9a48f7301dfc520c7e9d9eabdefdfd801adcc4fb94329db20bac4b7acae3a

SHA512
23b2230a808ed44a382c17ef48e622c96b85f7c4e3447ca72bb9a7bce5c02a7615689a3615e18a537a368739560b1f6c923f2f015bf17b61f71c5c1a14ceab1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
41ce771f6474c02531c52b5abf4774ff

SHA1
3895c1e080f73b0561724afdbc3b65e339d4b5ed

SHA256
9fdd68d64cd694727b775e9539f161f9f53d8061b8b583d811dcb36abfb95e0f

SHA512
d451176822d234e30d81eda93d1ea69492926f73a4adc76dce2a7e18697b50fc963d48782fc87cc41c8020dc7aa316ae20ce806a78fe33b30eac835142ad8fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
559ba2c2271cf4f98a4e51aee884925c

SHA1
7b108831c60113ec3b394e9a8cfed21ce269e2dd

SHA256
f9c0b9a1e5e1f3f36dd074cc3e2df37c8b018f878e04e9ed15c7eacb3450bc06

SHA512
4810ac37501506fe14203af2275640425c759c66aae2c10dd45d719104a874038274f528d13f452b89cc9bb3487595277aa006f0f6ac0e4f673c6d458fc1904f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
2aecfe9dde80c4b6c8169ea6d34e0548

SHA1
9b54153a6c633748076b892b82966a9a1261bf34

SHA256
28e1b2308fcf2a545b997e8da4dacd31eac5d7eb743efea8ac123ace18e0bdc0

SHA512
c7135a4ef8c0958b552537c939f4a0b5f52f8531e456a1a9fbbdabc28119dcea70322d17983ac5090cbcaaca075f221757e394669afdf187b82cf2a1090e5400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
82a412e35f0a6bb3231a6f50de9e018b

SHA1
43c90f3cbb6885dca1c2c2d566d76aea4e11023d

SHA256
0d292a46142e6e1c912df19b7f1cbabc0c3e0f2bc1ff56510c649f8042a49ccd

SHA512
8e0d2be9a29b842d5927e42da48c2696b67a5e513191675d83fbbce075f3fd58ec63dd2bcd10c79b12e8337c9c51a0191efaab5bc8519ef49ac462a5fb373915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
d0869bb226fcc0627ef1f0f715fcf4bc

SHA1
2536d09722f6af6b50d98fb617b35ded85e590d4

SHA256
fa975eafc00c647f6b263224d25ae8c761f0195ba0018c2d47ca1bfa5f6ac780

SHA512
24557bb83895d5ef3e759848c4264cb4440c5b30336c1cfe100bb7d46171ff826cdc7eb9758f89d2ec2a8b2834182098622bb944d6f0a87b8140b01c5e4512b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
9cb29c093072bb4f9f8310b8ed7a3c00

SHA1
04bd8720c420f3d9b8b7cdb78a9cd9e0c664c5a2

SHA256
14933e45ece499cc741589722f8480c3700bfee64a3f3871dcc323f689f327e3

SHA512
9020952cba8a09baec1f09bac2faadf7066c4317d1fca8f5a3a5a15e810099bce192de1b97ad63bf18e1d90f5aaa9ee5b372bbe968cb6f3e3e2c74235730ab5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
076883df0f7fb5a15958ff8423af19cb

SHA1
3e7a0b23018812743c4515a288be8cb4aacf0cf4

SHA256
5317f5f0f1512a4657242b961cd9ae8c14d3d13453810b1dfdcfd347d3f91462

SHA512
4e42377e49a450d0625e646a9e868ad56bb81dd00c89580bbf9706e8dd57a0086e0e7f8b8a32755c0863618b70d34226b58f022cd855127d580c0344710e80ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
701B

MD5
98a47dd9341e3dbda1cb03539a307f8a

SHA1
c68dc1322c61900aaf0688e0e1cf62960baed164

SHA256
2d5e8d2ed6bbfacc427b237973462de61fdf20ab6467e49b3721dc153084e4ac

SHA512
72db9d78fa4b04d7acd05356833424f7a701f0c197dc57432cc87cdd6f74d0e3af54187c2721728b65e226da838dfbef5e71761722caa74c662187d75b7b705f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
867B

MD5
cf3eedaa9cf1d4536c0ac414ee11ff96

SHA1
644bb44940f13463f369b91da3b3c27e0c80e0f3

SHA256
9f9119b879eeaf4a8d4242abc554c1a7f20d3a87428ea992416799cc01a52b2c

SHA512
25eae7ece3f3a186af7522f036040ccc25899c97518acb83f1209b1e9d39552d3e9a3a763021775b7ae753973ec93cef205608586bccf4dbbd9b885fce649dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
867B

MD5
fa63db3babc7582c08e773bf16687330

SHA1
14bb6e2338febd15794a844cf0b28655291f7e67

SHA256
c1e9ca79d69437389b5993ab0d9317650a741090060a073569ddfcc522bab33e

SHA512
9700ebf1a5835cc8709ebf25f5a5ab0a7df30ba672ef33cc3504aa9b1e6914a8ab99a6d870420408a09966b76d2963ef477552f7e7bfebc418847450e07eab2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
867B

MD5
4e28ad85816d355006169274c4fd86a1

SHA1
eafd4cfa4c4665b8acaecddc2990c5f1d2000a06

SHA256
5d008a26c770974fde8d075c1f9bd7742001b39ab46730323248a9d091e7729e

SHA512
8c51fbf02c85c91d41bf980ff694061aebf8b82d1e0a8bc0546f2e030c5f7ff0ace92d24ea43322f8212b59e97aaab337a31ee3fea4342d18494f89bb825ee31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f898be813bd039e620f2639796ec9856

SHA1
b7c2fad5f2681c2c1a4123689db1207e2602e2d2

SHA256
a779a9f711572623ec2da3550fd45a00a5a64b310eba669c90245bb3ed45defd

SHA512
d6b41b1874db24a243d382c3b40fa908f5b0796142a625445d804175327c20a81b2100b76febf6f540b92675fe203b1ac8c88756b79cc3a5fa086fde1a498c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
48abcd241d4b713466927ae1e8d2b24c

SHA1
59b27ab5395617cd7e0817de6ed02c97e9396783

SHA256
654698fff1dbd6fd0241f73fac32ab876726adf9c6b49f7ac29d7f9845e3c159

SHA512
6d4f9827612d071edc09f241ccb397370ffad17b19bef1abd087230175701b65b1812661ce3868276c76b31230e331f71230b2f0fca450f69f7cc5a4604d03ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
80fa434b05739845693bff3556502ca9

SHA1
467d4694b0c50b7ef04ddd795bc4b72b9fead578

SHA256
0caf49b9f527e8f3d492232fd553c8421be21088bda9ee0840a07aadca367539

SHA512
a8f01203f08075bc04c336a18a894cbafd6481c0e7d01691b181a394a8f8074a4a57b827b9f1fe94136ef1785d876d6500fbbb425963e42799109f33e98d52d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8a39d9bb72fe322ff4c49404ada8dd2a

SHA1
c562da2c44407d77c8c55d745a978141da41be41

SHA256
bcefe1f089d00b55a332b0cc099a9f8c4351c88d44fe17ba97d1589330158a70

SHA512
adc6fad242d41c28af06774412d4c2c68ee1506facf1da0409848e6f882f67baca057edceddf88da6c7c36692cf355ecf8b68e4fb7a0c70cda8135e8ba9b5140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
baa07f3043a6932647f2d65303fe5eaf

SHA1
0e69ec037c4fdcbb35187d6b19cde79e15d8a835

SHA256
ea78dbd30b51df27d14515b91070a304fe0cc4e1060af558e3b9d3a66370f3ac

SHA512
6faeeafd69a9eb3285cca9792020670e884a4f464e6b7f98f3ad7c36680449424ab75e31231558e2f2b7dc5256b4ac1d71c937558429213a6a64cfe18081c50d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
48d986f2548d6527c0700ddbb10f3f38

SHA1
7548a7158d28237df2da2ca75d7d3886f16ea0ba

SHA256
84b7703bc30bd8ffaaff546fc4cddfad28d97141bc974a74d261605ba64d31fe

SHA512
22cfa6cfff5941e8a6131034197bfcf8330f2231b417cc37f3ae7f6b0de64f4eb71efae69656104631974a3583995ca5965fbbd903cd9fec3d2480a7a4c0f87b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
4a3ad5a335e7fb3257d565c3edb3fd35

SHA1
31a033f50551241d07d9860f24ea2813a4ab6fb3

SHA256
fba19a9d0a168dcaecbbd467e80bc15fca99728469c9dd3e2628af025c8243a5

SHA512
9a28be43cfad6a932f8799505992468f568eab3dc48b0e1e08703dd4887383755755d3bd8b12897958cab41528376aca31e1b5de5498887c4c74692659cac148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5eff1911b8546df73a6f5ecea8f9c066

SHA1
69735a7dfb5ad5a36a6cca664df1cf9f299b3bcb

SHA256
11ea362523c86bbaef1bf9368c635b76d49c4087d4370d28baf649a3b43bf1e9

SHA512
f0bd5153c51e46e67fc5c911fadbcaa352767cdc8ef0df2115ede9310dc470ccac8680edb6cb9f9b22cd973b87f86c3d32c88336780abd55a77f0e2721e55d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d56c7a3fb9b8a7fc57ab5fea81cf7ab0

SHA1
2ae940f28b0ce3706a082b59fda1b78bea5aec34

SHA256
d16891edc64d3ca70513058b910a22cea54edada716dd707796b46a9789045f0

SHA512
afcf91171cc001c0dceb5ed13d7285af88931685fb65443c2acf1761f35cddca9b072aeaa6e17c259e358f3c343344455e50ff4f8adb2c974042641fc67088f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0689efc7f5d443ea1241fbc94f4c15fa

SHA1
7d352a471a2d65ae862f64c1aeb31eb655d550d7

SHA256
c991c33acde96934d41e9b193f3679a6bcb9333d9ede259571ef3ff898b76994

SHA512
e66f056d4f17e093631c1dd665afe6f7f68905e9eb609309f5938beba0acfd05d521fc59565eb1a35dc1e6f1ec52a4a83226ef66c96f96e1c7b9b5f2200bea26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fec2bc95fe08d14c8cde085013cf5e24

SHA1
933bca9c31056a2870b10c0f3e14a51056980e27

SHA256
6ef52633548a0734b9db25b274505c3fdbad510513efce58f3d55d850bf5b25a

SHA512
103918221625b9ca983c28a1c6858cb5ce5b2cb5d96892c6bbef41508f8ecc807f3d4129d51527f3ffb0b4a8db98850ff73a9f52f8551c4ed2b8fc400d50cb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7a8664bce91ba0ebb15e1a23d2bcf7f4

SHA1
cbfcc96da5e1d98c91f4bed0bc59c38e02b4e801

SHA256
541206a92b4eeb3a497299b35684c7e2f6342fffa5022d0dd24fc00f3ce8e79c

SHA512
7e52f7787f4c25b4df52fc2a7132afb7542e03987c72ecc6efeb355fa5f87ff13fc592b635c1581ec395b5c52f84e88dbe0f886c6f79b680cbdf1f7304fd58f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9f3ae90da3814298384c9e89e5125a99

SHA1
5d15c337e1430efff5b43a75d55ba6f83820d4b5

SHA256
58f95cd94e09b90b8e8677595e8ac66a1100926915d2e61789e6f51caca3b5c6

SHA512
0817186a822d4b4bacdd18ae9ebd75dfb7a49241378f34e66e026f185a9edd04cab3b0240c23f84165ff42b031307fe587033585eb256b36716b8e98fb407a76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
36fe121f4d17abae7f643f911ca04a43

SHA1
32d08f1f1b13451558a64c3d6523f6a43354356a

SHA256
b59f62a84d18ea11c86781986964a4196895247642a63afa1f3ed998f671740f

SHA512
6d1bb82b6af797f37b352818e2212f2cc6051a9e7e1a799117f6871bf44b3c61380efb67a9ea0a6a15d16931501924fe34854643506e1ec22cb890a70cce14e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a209fbfab51eab39ee8ddb55a534c172

SHA1
191a684546fce9a3fcdcfeced0a2641c38d0099f

SHA256
6174fdc5a3c5edb70e911b1c3a7c023bd0adfa30e346ac393b52e4b1fd8cca7b

SHA512
250a4ca36861f3cf5b215133d78240f4a6a9b8f8e39ae0c05b87affe9c208e7d32d3d71a4bfa14b4c3766f5434371d754ad4e141310caf2989b2d615beacd24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
9f5d1714e7b86e215f00e3d757aa96f7

SHA1
7892dbf4c4441a5f37cc9476cbe59eb1666522f8

SHA256
6b2d5808342bcb54b6e745254796be1a48a1708693feafb2348981c3450f217d

SHA512
632eb815bee051fc7d23dc4b454967846e90a18ddc4c27bc21fadd9caa199abfffd6a8273e6fa42c538dac52e0450f9fd9afb97f859516c97d0c054d081f0bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
158KB

MD5
54bf3e800e55c5859cba3982958b6da3

SHA1
4d8d55f806ce117adb8cfd535835a4a700d47628

SHA256
56dc9e1768f33a8e99f762fedf1b148959d7b2a1b5ae24295751dea583d94a2f

SHA512
e7bb5c7affe3e8184e9f29ed2bb63e52e5588014c693245f428c5145208639c64811fe026f43f4ecdb00995264b11b1a129fa3a7b2f5aedc194053cc4ba9e148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
158KB

MD5
b2759193187dc3e675e2ed74cfc88102

SHA1
a75e73a8156ebd9696fb6d3e2cd58a7a3b0a59a7

SHA256
46697253510588e02c1e45e896c0a4de707ad5801eb1ad732a9c4739e07395e6

SHA512
4c5374a3b25ec749d74aed976de3d91c1d712b4ffd7b8af7d23deade61ea7da972abb93871198478bd55ca326625e3edd3e4bfba16052e888dc37113cd0aa90d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
158KB

MD5
2f087f7e555ee83c9679d666fefc345a

SHA1
26053393b2342be8f9e57ccebe5653025af0633f

SHA256
634ea46103ca9cbfff60d478026ee07ffce7bb23b5562100483b9b6b74632c4b

SHA512
f8331bd514a7f34ab27e1c404e7bc238a8ad2873345b3afe16240179d547dc7c08b1e5ac7f239d74ae0edb03a775e732f0b1deb2c6130d37f9cf091d6889ec8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
158KB

MD5
04b135caf0f65e44b8cb51bf08d9f224

SHA1
7e4890c3bacfef89af03a78121cd94010ee55b63

SHA256
b8bde86a0efb74f6882b7fd31d06c9e21f806ab9b4baf1c5b10af98cfbc3851b

SHA512
37dd2c1f59114644c80693ed48c64f3cce50d421b7e9ac302b343cb105da177d44b00145b5a15588492a6f2fe3d9c2765aeaaad3286cbb51085e462e1b6abc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
67fb7d176944fb0cf242f45566ae298a

SHA1
58892a81f38c3cbfc4acad83873a700ea6ec856d

SHA256
ceaea4e8e72cb5ef5ff4bc38785e07da3be54b2ec03f3d626dd58e38abc40725

SHA512
6f4eba93b79089ce2cb34d8ee27fb3857fdc9e2609d0adefc43b072a6ac6c761339f8667a022bb968b525436dd43490abc1b5b5e9180d8c4d24ddc57b53ef541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583d33.TMP
Filesize
105KB

MD5
e5a283c97ee14bb9c22cbf33d8fd0bdd

SHA1
66702c3fbbf370e27dbc76ad7adb0e565f6d508b

SHA256
ad1f9b004a4e7191f9d5b16c67dcb8cfb3d4c5ba9d9931b9d8060087541a91b4

SHA512
61873a1f84306b628396bb3436d4017a7562f45e9641141605d5077637ab99e4fd7e293a63bca9f06ff86caf7159915bc97a62bc7879f34c9bfc8054cd3848a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json.tmp
Filesize
29KB

MD5
3c9e809c238cfbd8b6bfa77dfdbf1e4e

SHA1
7dcc8b414191f6e8bc2584570c7c6331aac2cf3a

SHA256
1524324ca0b3b87ed8d337b08904db72c7bf61c4a01c7afc363009f819537b8d

SHA512
aa89c0c91598389858dd31348d6fa7f5bbda231e5714033753cb647ef4a9d73282be3dce8c96514c1dffc59c614c8636664b82c99990e8c2ccd11dfc48359f7a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json.tmp
Filesize
410B

MD5
e7a65c5ead519a7b802f991353c26d3d

SHA1
34cc3c1cf9bd4912dba5fa422010934e46419fa3

SHA256
0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2

SHA512
2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
Filesize
471B

MD5
848b0d2e4d6e34720f924cab5085b8f4

SHA1
8d7ea673c7efed502b30f73b37f394fe6dfb07d4

SHA256
ec2f162257b0a3bc180b8c46bff1adb4d3a15fffc4d8791de90843b669ce8dfc

SHA512
c5168abe113698eaf2c8a9b39386afea22f5a294d954786284aa6b67639dfd0306b69806a81e04f1b205b8e6da9bc101fb231ccda34328e78d2b6a72ac401fc4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4.tmp
Filesize
259B

MD5
1223efa219038e2b8f2b0dff2dc94bb7

SHA1
d2dd28ab28df7154bb09b2cea11ca5054ef3f6ed

SHA256
0f1046b72dd59200e04eade8964b2002c587856d6beb8a4742ee5eac4a9a6eeb

SHA512
43759978bdffd229da5654d887ab9a9a23d05b0e934a34895635311e2a4ee6a1640e45b4b8e18e33ed9fb77a695f5a2f28ba70e993d2e257dd2c904507ed6e69

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp
Filesize
212B

MD5
604f590dd5ad7806039788f9e31c9ffa

SHA1
9a7beb0e2153379b7337cf5b814214301d4c31cf

SHA256
25b7c1c76175c8d69419d3840f7cedaaffdb53ff4173dc2687bd2a8fa7d0be78

SHA512
09049d7d8fbc77c1dcb36358ffd1fad460acc55cfdf66dc7983ecd0eb75cf287f05b02b038eb9ff6520ec025a2a9667bfb0359bf24a44f71d330eeea84e1c7d0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini
Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp
Filesize
2.3MB

MD5
4071a87640b5e1772a4d290ffa2d08cd

SHA1
8562b6bb41a197979c2e1e6ccac2420718f0d14b

SHA256
9ef74a905d697bdca54a9954728890fdb5bd1aa286c0fd0d9e11f938a45c6f16

SHA512
9cf0a95786b8a908f6ef531bc7278026f5b457e12c1d089798752145422408b96234d4c9b0dc2fd29c50073749b29b52c7e15d40139decbcc90211a1113a629c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new
Filesize
14.1MB

MD5
27c268f1b3399fd145021ba52bbb228b

SHA1
7571b2dd238d96ec2ab1bd21f50ff65169689404

SHA256
652cbc2e14539cc3c368f3301603dfadb38db054b4ac749b92821d986abdad4e

SHA512
957945fd7242d0351a5c21bc280155568bfe88e916a3109dac041b0249ec399b57e1ffa4bce99eefd8ec080b388b720500bc95a51959041c7aa7fa6134f9b4f8

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc.tmp
Filesize
493B

MD5
d93a73d948d50b974a413f421c29f8b9

SHA1
3f88084c1aa91281c8a36d1978f95492a0a588cc

SHA256
1c7f544d701123dfb9bdef5623e0fa2483edb3d4125491f95cb2441336ad9325

SHA512
b8420d9afb6ef28eb00494de9fd74b6a2929fc4063090b2838e6afed23e83707efbb23b745ec34a8f5427ae323881f770e733d8edc6f4d16ede0aa1a30d5248f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list
Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
38771666c99715b521ae2525a84a149e

SHA1
94b8bce42c5df679d4d5e35537652a7acfc6eb9b

SHA256
7d1f47bc24069d96f60b0bc88e3057ab98fbb3fdef129c5ae50616a24383843c

SHA512
ebaab6f49729617f0e02e298ff51992679411d1957a92fe1a82e67f47837bf9f1f7b734e657f04e8158eb159a22c038a32df192d44efd4086f4e7a502e22822f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
38771666c99715b521ae2525a84a149e

SHA1
94b8bce42c5df679d4d5e35537652a7acfc6eb9b

SHA256
7d1f47bc24069d96f60b0bc88e3057ab98fbb3fdef129c5ae50616a24383843c

SHA512
ebaab6f49729617f0e02e298ff51992679411d1957a92fe1a82e67f47837bf9f1f7b734e657f04e8158eb159a22c038a32df192d44efd4086f4e7a502e22822f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
38771666c99715b521ae2525a84a149e

SHA1
94b8bce42c5df679d4d5e35537652a7acfc6eb9b

SHA256
7d1f47bc24069d96f60b0bc88e3057ab98fbb3fdef129c5ae50616a24383843c

SHA512
ebaab6f49729617f0e02e298ff51992679411d1957a92fe1a82e67f47837bf9f1f7b734e657f04e8158eb159a22c038a32df192d44efd4086f4e7a502e22822f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
38771666c99715b521ae2525a84a149e

SHA1
94b8bce42c5df679d4d5e35537652a7acfc6eb9b

SHA256
7d1f47bc24069d96f60b0bc88e3057ab98fbb3fdef129c5ae50616a24383843c

SHA512
ebaab6f49729617f0e02e298ff51992679411d1957a92fe1a82e67f47837bf9f1f7b734e657f04e8158eb159a22c038a32df192d44efd4086f4e7a502e22822f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
Filesize
44KB

MD5
642b45946f401aa7b0a58a24fe98a4e6

SHA1
fb8dd8960f2852578b8f7119e0961156c6d47a5e

SHA256
1f41a5246e00bcee097e0414368492b4bcc2ecd92595b101b931619ed7f4bd78

SHA512
53821d9d1f8c5205c9a7b0f5202b8d9fccf09785369d49b916dda36c1170564569c6fa2d61e34e136882248fb9c326ccf55a89a627f68059ecf062d1fd3a5718

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
269ca7a74168882eb57a6e6e3eb88aa6

SHA1
fc56b2480f753873a499501b8f6b7387876df04a

SHA256
3808455a7d749aaa5403e5fe7e1c737f87cf2e6cef7ea3364684e236d9faab26

SHA512
e6d75ea5163656c91ef9bed835a50ffdda7caa0cc52462297331dc2d56997928d4b61c88b1518a60c92ad82d70f4cf4e762b4206cd60dcf0d870c6217cb3b156

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
Filesize
2.5MB

MD5
e1d3800b45e70f18f9d5389d902a73bf

SHA1
fc78438f7a5c99ae3b6df14f2a5d6d6022cb6db3

SHA256
54801cf712e978ea5ddcc66057f1f746f92d594eba35518d3af95ae8e79a9d73

SHA512
2d86badcff15aae025b297311d472ca2e4366c7357717fbb2e006d76744f156da17bdd616640167cb18a4019011db3713df988ab7b88880b4ff8e6cbb8f124bd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll
Filesize
133.9MB

MD5
2a660a8cb0fc305999906351f40e0af6

SHA1
efdb456b005a8b6141724a93fc6d115e2301703c

SHA256
33dcb3de2f0ce31792d06655a3082a8db598afa012320565caf7747befa34f42

SHA512
e3833243d674e7d34f25f9f269fb4f0e678aab84b88c1df8bb0a43a2da804405e294dd878b51c8b8e1da4f7cee6b79f626efac60ee1d876a022ce2b6c0dea4fd

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.7_ALL.exe
Filesize
91.2MB

MD5
b357a9caf11803f27a43b237d90c7498

SHA1
4f8aa9d2500f6d377797ead2157001d0d407b491

SHA256
223ac64e013ed819d4332c55ed6a7ecd203dacc3a252bfc70b2174e54b892f3b

SHA512
a4b453d032d8e200220f2410bab8a1eab0c9ee1ca5a58ffed7e6b2648bdb5f48bdb6305bfe63cb57dc9f73c92bc116ac18d5e9b9c0da781a1bc360be8ee6ec03

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.7_ALL.exe
Filesize
91.2MB

MD5
b357a9caf11803f27a43b237d90c7498

SHA1
4f8aa9d2500f6d377797ead2157001d0d407b491

SHA256
223ac64e013ed819d4332c55ed6a7ecd203dacc3a252bfc70b2174e54b892f3b

SHA512
a4b453d032d8e200220f2410bab8a1eab0c9ee1ca5a58ffed7e6b2648bdb5f48bdb6305bfe63cb57dc9f73c92bc116ac18d5e9b9c0da781a1bc360be8ee6ec03

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.7_ALL.exe
Filesize
91.2MB

MD5
b357a9caf11803f27a43b237d90c7498

SHA1
4f8aa9d2500f6d377797ead2157001d0d407b491

SHA256
223ac64e013ed819d4332c55ed6a7ecd203dacc3a252bfc70b2174e54b892f3b

SHA512
a4b453d032d8e200220f2410bab8a1eab0c9ee1ca5a58ffed7e6b2648bdb5f48bdb6305bfe63cb57dc9f73c92bc116ac18d5e9b9c0da781a1bc360be8ee6ec03

Download Submit
C:\Windows\Temp\{5F6723E9-A9A0-4141-B755-8A7FD6F6C937}\.ba\BootstrapperCore.config
Filesize
803B

MD5
64248d2c500318bdd1f963905302ba87

SHA1
b075b452515b033f130518e83ad05f1896efb9f5

SHA256
6d03dc041d84644b0ce097f9313ed49ce38604b664db444aece1640731625298

SHA512
1909784250a9365a8a0d4d0c50a43553bd9003965fead60ac8d0315276a65b43e9c32a57216461cda0b68feae1d56d0c0242d18ed2202d424e04395e939cc68e

Download Submit
C:\Windows\Temp\{5F6723E9-A9A0-4141-B755-8A7FD6F6C937}\.ba\BootstrapperUI.dll
Filesize
426KB

MD5
d0c9e6c9e5042fea7468f5f691bb364f

SHA1
b9170900ee4752bdf231145dc7e98d2254cfc041

SHA256
79c2452ce56d0e9c13230bdd087a1e6906adfe6c3893689d73e1f4452165e352

SHA512
e1121d132a99258d66c14e1cebb2c9145ae871bd700327ac2f1ce1f6da66665e94849965503f891eee844bb9e69607108a72bf1e69039f708a61eeba51aa5ded

Download Submit
C:\Windows\Temp\{BC7D5A72-2E19-4177-B920-9261F5C9EB49}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
Filesize
1.1MB

MD5
2a104dbff8b4d77bef59557616fffc9d

SHA1
7b10898dbf79b9313e6a3e26f0b258dcff4e508a

SHA256
4a77192e9109be67b7e8768a7c187b58423a9377c0b540559571650ed5708f44

SHA512
8e06dd637f42395c4bdeefc1ff168b072a56655f955efaf3e9f92009258b021359c3a3ee08050251a8a38893eeef1e490451a1f0cfe19109cf4198b7dd43dadd

Download Submit
C:\Windows\Temp\{BC7D5A72-2E19-4177-B920-9261F5C9EB49}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
Filesize
1.1MB

MD5
2a104dbff8b4d77bef59557616fffc9d

SHA1
7b10898dbf79b9313e6a3e26f0b258dcff4e508a

SHA256
4a77192e9109be67b7e8768a7c187b58423a9377c0b540559571650ed5708f44

SHA512
8e06dd637f42395c4bdeefc1ff168b072a56655f955efaf3e9f92009258b021359c3a3ee08050251a8a38893eeef1e490451a1f0cfe19109cf4198b7dd43dadd

Download Submit
\??\pipe\crashpad_4396_XOXLYWNREMCVDMNH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\nse29CC.tmp\LangDLL.dll
Filesize
8KB

MD5
a342d5a613dcf7e57e1f1a1bd4dda897

SHA1
5448bacb7ae79fc1a35624efd130be31ad914ed9

SHA256
58d4aec72eed0f5bfc6d0a292903a4019f406c00f5017ec29831ae35b108a72d

SHA512
5c9d3976cda336f59720584b2e5ade882a956485033ad14ce2038b04388f19daf2a379ef537ee327d36ddc24984d6fc3be4d51f75f73fcb62c1f214561c45b2d

Download Submit
\Users\Admin\AppData\Local\Temp\nse29CC.tmp\System.dll
Filesize
25KB

MD5
a6797f5ba3cc8c13da1c4c374bee9788

SHA1
6e085737a7daf91a2536ae38356bb1786e310469

SHA256
0182ffbba0cc909677cdd00654feae5e35ee047e7c7b094f3b5b320cbed21aaa

SHA512
da5f8eb85faafb26674e31bdfa2c5d8f2e83fef5f4bf1a14aede4fe36305cdd39c0394df65967f85d33fba91a9c083f1c12145bc7a1b4310e89adf93e366ac1a

Download Submit
\Users\Admin\AppData\Local\Temp\nse29CC.tmp\nsDialogs.dll
Filesize
14KB

MD5
7e1708ebf215276eca7284f19ef12c06

SHA1
d9e10da2c0cee2ed5f05ceb550c00a8bdc56518c

SHA256
4401d9c3cadb5845e0e899e3f7ef325e2f02cd83a982331acef193fed20ab7e5

SHA512
4e7aa02cee85184a8362f2f52d926de318a3c2cf3b8beaed47a1c0f975c5970b9f922996ca584d450c6b165654f2901c4c3615c2e317c3cf0ccfe007e686a262

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
Filesize
44KB

MD5
642b45946f401aa7b0a58a24fe98a4e6

SHA1
fb8dd8960f2852578b8f7119e0961156c6d47a5e

SHA256
1f41a5246e00bcee097e0414368492b4bcc2ecd92595b101b931619ed7f4bd78

SHA512
53821d9d1f8c5205c9a7b0f5202b8d9fccf09785369d49b916dda36c1170564569c6fa2d61e34e136882248fb9c326ccf55a89a627f68059ecf062d1fd3a5718

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
Filesize
44KB

MD5
642b45946f401aa7b0a58a24fe98a4e6

SHA1
fb8dd8960f2852578b8f7119e0961156c6d47a5e

SHA256
1f41a5246e00bcee097e0414368492b4bcc2ecd92595b101b931619ed7f4bd78

SHA512
53821d9d1f8c5205c9a7b0f5202b8d9fccf09785369d49b916dda36c1170564569c6fa2d61e34e136882248fb9c326ccf55a89a627f68059ecf062d1fd3a5718

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
269ca7a74168882eb57a6e6e3eb88aa6

SHA1
fc56b2480f753873a499501b8f6b7387876df04a

SHA256
3808455a7d749aaa5403e5fe7e1c737f87cf2e6cef7ea3364684e236d9faab26

SHA512
e6d75ea5163656c91ef9bed835a50ffdda7caa0cc52462297331dc2d56997928d4b61c88b1518a60c92ad82d70f4cf4e762b4206cd60dcf0d870c6217cb3b156

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
269ca7a74168882eb57a6e6e3eb88aa6

SHA1
fc56b2480f753873a499501b8f6b7387876df04a

SHA256
3808455a7d749aaa5403e5fe7e1c737f87cf2e6cef7ea3364684e236d9faab26

SHA512
e6d75ea5163656c91ef9bed835a50ffdda7caa0cc52462297331dc2d56997928d4b61c88b1518a60c92ad82d70f4cf4e762b4206cd60dcf0d870c6217cb3b156

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
269ca7a74168882eb57a6e6e3eb88aa6

SHA1
fc56b2480f753873a499501b8f6b7387876df04a

SHA256
3808455a7d749aaa5403e5fe7e1c737f87cf2e6cef7ea3364684e236d9faab26

SHA512
e6d75ea5163656c91ef9bed835a50ffdda7caa0cc52462297331dc2d56997928d4b61c88b1518a60c92ad82d70f4cf4e762b4206cd60dcf0d870c6217cb3b156

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
Filesize
2.5MB

MD5
e1d3800b45e70f18f9d5389d902a73bf

SHA1
fc78438f7a5c99ae3b6df14f2a5d6d6022cb6db3

SHA256
54801cf712e978ea5ddcc66057f1f746f92d594eba35518d3af95ae8e79a9d73

SHA512
2d86badcff15aae025b297311d472ca2e4366c7357717fbb2e006d76744f156da17bdd616640167cb18a4019011db3713df988ab7b88880b4ff8e6cbb8f124bd

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
Filesize
2.5MB

MD5
e1d3800b45e70f18f9d5389d902a73bf

SHA1
fc78438f7a5c99ae3b6df14f2a5d6d6022cb6db3

SHA256
54801cf712e978ea5ddcc66057f1f746f92d594eba35518d3af95ae8e79a9d73

SHA512
2d86badcff15aae025b297311d472ca2e4366c7357717fbb2e006d76744f156da17bdd616640167cb18a4019011db3713df988ab7b88880b4ff8e6cbb8f124bd

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\xul.dll
Filesize
133.9MB

MD5
2a660a8cb0fc305999906351f40e0af6

SHA1
efdb456b005a8b6141724a93fc6d115e2301703c

SHA256
33dcb3de2f0ce31792d06655a3082a8db598afa012320565caf7747befa34f42

SHA512
e3833243d674e7d34f25f9f269fb4f0e678aab84b88c1df8bb0a43a2da804405e294dd878b51c8b8e1da4f7cee6b79f626efac60ee1d876a022ce2b6c0dea4fd

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\xul.dll
Filesize
133.9MB

MD5
2a660a8cb0fc305999906351f40e0af6

SHA1
efdb456b005a8b6141724a93fc6d115e2301703c

SHA256
33dcb3de2f0ce31792d06655a3082a8db598afa012320565caf7747befa34f42

SHA512
e3833243d674e7d34f25f9f269fb4f0e678aab84b88c1df8bb0a43a2da804405e294dd878b51c8b8e1da4f7cee6b79f626efac60ee1d876a022ce2b6c0dea4fd

Download Submit
\Windows\Temp\{5F6723E9-A9A0-4141-B755-8A7FD6F6C937}\.ba\BootstrapperCore.dll
Filesize
87KB

MD5
b0d10a2a622a322788780e7a3cbb85f3

SHA1
04d90b16fa7b47a545c1133d5c0ca9e490f54633

SHA256
f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

SHA512
62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

Download Submit
\Windows\Temp\{5F6723E9-A9A0-4141-B755-8A7FD6F6C937}\.ba\BootstrapperCore.dll
Filesize
87KB

MD5
b0d10a2a622a322788780e7a3cbb85f3

SHA1
04d90b16fa7b47a545c1133d5c0ca9e490f54633

SHA256
f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

SHA512
62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

Download Submit
\Windows\Temp\{5F6723E9-A9A0-4141-B755-8A7FD6F6C937}\.ba\BootstrapperUI.dll
Filesize
426KB

MD5
d0c9e6c9e5042fea7468f5f691bb364f

SHA1
b9170900ee4752bdf231145dc7e98d2254cfc041

SHA256
79c2452ce56d0e9c13230bdd087a1e6906adfe6c3893689d73e1f4452165e352

SHA512
e1121d132a99258d66c14e1cebb2c9145ae871bd700327ac2f1ce1f6da66665e94849965503f891eee844bb9e69607108a72bf1e69039f708a61eeba51aa5ded

Download Submit
\Windows\Temp\{5F6723E9-A9A0-4141-B755-8A7FD6F6C937}\.ba\BootstrapperUI.dll
Filesize
426KB

MD5
d0c9e6c9e5042fea7468f5f691bb364f

SHA1
b9170900ee4752bdf231145dc7e98d2254cfc041

SHA256
79c2452ce56d0e9c13230bdd087a1e6906adfe6c3893689d73e1f4452165e352

SHA512
e1121d132a99258d66c14e1cebb2c9145ae871bd700327ac2f1ce1f6da66665e94849965503f891eee844bb9e69607108a72bf1e69039f708a61eeba51aa5ded

Download Submit
\Windows\Temp\{5F6723E9-A9A0-4141-B755-8A7FD6F6C937}\.ba\mbahost.dll
Filesize
119KB

MD5
c59832217903ce88793a6c40888e3cae

SHA1
6d9facabf41dcf53281897764d467696780623b8

SHA256
9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db

SHA512
1b1f4cb2e3fa57cb481e28a967b19a6fefa74f3c77a3f3214a6b09e11ceb20ae428d036929f000710b4eb24a2c57d5d7dfe39661d5a1f48ee69a02d83381d1a9

Download Submit
memory/4112-194-0x00000000047D0000-0x00000000047E0000-memory.dmp

Filesize
64KB

Download
memory/4112-198-0x00000000047D0000-0x00000000047E0000-memory.dmp

Filesize
64KB

Download
memory/4112-196-0x00000000047D0000-0x00000000047E0000-memory.dmp

Filesize
64KB

Download
memory/4112-173-0x00000000047D0000-0x00000000047E0000-memory.dmp

Filesize
64KB

Download
memory/4112-186-0x0000000006E30000-0x0000000006E7A000-memory.dmp

Filesize
296KB

Download
memory/4112-185-0x0000000006C70000-0x0000000006CDE000-memory.dmp

Filesize
440KB

Download
memory/4112-197-0x00000000047D0000-0x00000000047E0000-memory.dmp

Filesize
64KB

Download
memory/4112-195-0x00000000047D0000-0x00000000047E0000-memory.dmp

Filesize
64KB

Download
memory/4112-178-0x0000000004800000-0x0000000004818000-memory.dmp

Filesize
96KB

Download
memory/4632-711-0x0000000140000000-0x0000000140065000-memory.dmp

Filesize
404KB

Download
memory/4632-625-0x00007FFA2EA60000-0x00007FFA2EA6F000-memory.dmp

Filesize
60KB

Download
memory/4632-624-0x0000000140000000-0x0000000140065000-memory.dmp

Filesize
404KB

Download
memory/4632-626-0x00007FFA2EA50000-0x00007FFA2EA5B000-memory.dmp

Filesize
44KB

Download
memory/4632-882-0x00007FFA2DDC0000-0x00007FFA2DDCD000-memory.dmp

Filesize
52KB

Download
memory/4632-880-0x0000000140000000-0x0000000140065000-memory.dmp

Filesize
404KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads