hxxps://google[.]com

Analysis

max time kernel
1800s
max time network
1725s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2023, 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 33 IoCs

pid	Process
3528	torbrowser-install-win64-12.5.2_ALL.exe
1148	firefox.exe
4712	firefox.exe
4732	firefox.exe
2928	firefox.exe
3636	firefox.exe
4716	firefox.exe
4584	firefox.exe
3544	firefox.exe
1248	firefox.exe
884	firefox.exe
1256	firefox.exe
4856	firefox.exe
3236	firefox.exe
1668	firefox.exe
2248	firefox.exe
1692	firefox.exe
348	firefox.exe
2380	firefox.exe
3284	firefox.exe
2692	firefox.exe
2456	firefox.exe
4688	firefox.exe
1240	firefox.exe
1440	firefox.exe
4160	tor.exe
3976	firefox.exe
2836	firefox.exe
1944	firefox.exe
4292	firefox.exe
4164	firefox.exe
2372	firefox.exe
3852	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
3528	torbrowser-install-win64-12.5.2_ALL.exe
3528	torbrowser-install-win64-12.5.2_ALL.exe
3528	torbrowser-install-win64-12.5.2_ALL.exe
1148	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4732	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
3636	firefox.exe
4716	firefox.exe
4716	firefox.exe
4716	firefox.exe
4716	firefox.exe
4716	firefox.exe
4716	firefox.exe
4716	firefox.exe
4716	firefox.exe
4584	firefox.exe
4584	firefox.exe
4584	firefox.exe
4584	firefox.exe
3544	firefox.exe
3544	firefox.exe
3544	firefox.exe
3544	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
1248	firefox.exe
1248	firefox.exe
1248	firefox.exe
1248	firefox.exe
884	firefox.exe
884	firefox.exe
884	firefox.exe
884	firefox.exe
1256	firefox.exe
1256	firefox.exe
1256	firefox.exe
1256	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
1256	firefox.exe
1256	firefox.exe
884	firefox.exe
884	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
4668	4156	WerFault.exe	143
928	3964	WerFault.exe	149
2380	4508	WerFault.exe	152
1336	3764	WerFault.exe	165
820	220	WerFault.exe	171

Modifies Internet Explorer settings 1 TTPs 10 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133371542128942896"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1043950675-1972537973-2972532878-1000\{C973E2B9-C14B-4281-B20E-A19128900D1E}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
2268	chrome.exe
2268	chrome.exe
4716	firefox.exe
4716	firefox.exe
4716	firefox.exe
4716	firefox.exe
4716	firefox.exe
4716	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
2928	firefox.exe
4180	chrome.exe
4180	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
4712	firefox.exe
348	firefox.exe
348	firefox.exe
4180	chrome.exe
4180	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2928	firefox.exe
4156	SearchApp.exe
4716	firefox.exe
3964	SearchApp.exe
4712	firefox.exe
4508	SearchApp.exe
3764	SearchApp.exe
348	firefox.exe
220	SearchApp.exe
3284	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 4840	3904	chrome.exe	81
PID 3904 wrote to memory of 4840	3904	chrome.exe	81
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 704	3904	chrome.exe	83
PID 3904 wrote to memory of 4392	3904	chrome.exe	84
PID 3904 wrote to memory of 4392	3904	chrome.exe	84
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86
PID 3904 wrote to memory of 4712	3904	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc65e19758,0x7ffc65e19768,0x7ffc65e19778
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:2
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5048 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4844 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4904 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3416 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5776 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=820 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5872 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6008 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4904 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5316 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5804 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5896 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5996 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6252 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6416 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6128 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4020 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6024 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5916 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6900 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5896 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 --field-trial-handle=1900,i,15740967461793265644,10662003969675225298,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Users\Admin\Downloads\torbrowser-install-win64-12.5.2_ALL.exe
  "C:\Users\Admin\Downloads\torbrowser-install-win64-12.5.2_ALL.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3528
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1148
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:4712
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.0.2068918740\359318324" -parentBuildID 20230707030101 -prefsHandle 1796 -prefMapHandle 2076 -prefsLen 22139 -prefMapSize 227720 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4712 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1248
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.1.2118708014\2108159779" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3020 -prefsLen 23714 -prefMapSize 227720 -jsInitHandle 1088 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4712 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:884
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.2.879943147\1600204915" -childID 2 -isForBrowser -prefsHandle 2868 -prefMapHandle 2884 -prefsLen 23821 -prefMapSize 227720 -jsInitHandle 1088 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4712 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1256
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.3.499588903\593243779" -childID 3 -isForBrowser -prefsHandle 2468 -prefMapHandle 2932 -prefsLen 23898 -prefMapSize 227720 -jsInitHandle 1088 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4712 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4856
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.4.188277379\1320421382" -parentBuildID 20230707030101 -prefsHandle 3692 -prefMapHandle 3688 -prefsLen 25212 -prefMapSize 227720 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4712 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x34c 0x3d0
1⤵
PID:1924

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\d3ca0e65aafa4fa990f023e72ee4c351 /t 3976 /p 3816
1⤵
PID:1644

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4732
- C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2928
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2928.0.1419903751\1639894120" -parentBuildID 20230707030101 -prefsHandle 1592 -prefMapHandle 1584 -prefsLen 21449 -prefMapSize 227580 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2928 gpu
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4584
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    PID:1692
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:348
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.0.1441830630\1296968007" -parentBuildID 20230707030101 -prefsHandle 2272 -prefMapHandle 2020 -prefsLen 23679 -prefMapSize 228520 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 gpu
        5⤵
        Executes dropped EXE
        
        PID:2692
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.1.1612905384\1942287362" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2772 -prefsLen 23753 -prefMapSize 228520 -jsInitHandle 1252 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 tab
        5⤵
        Executes dropped EXE
        
        PID:2456
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.2.204839417\1665024165" -childID 2 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 23981 -prefMapSize 228520 -jsInitHandle 1252 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 tab
        5⤵
        Executes dropped EXE
        
        PID:4688
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.3.452287490\36604949" -childID 3 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 25095 -prefMapSize 228520 -jsInitHandle 1252 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 tab
        5⤵
        Executes dropped EXE
        
        PID:1240
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" HashedControlPassword 16:2aa406c0f4e48b876064819714b5395a33a369491d19e3f119e00447eb +__ControlPort 9151 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 348 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:4160
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.4.177123852\1627688221" -childID 4 -isForBrowser -prefsHandle 3756 -prefMapHandle 3980 -prefsLen 25775 -prefMapSize 228520 -jsInitHandle 1252 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 tab
        5⤵
        Executes dropped EXE
        
        PID:3976
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.5.562899058\516885115" -childID 5 -isForBrowser -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 25775 -prefMapSize 228520 -jsInitHandle 1252 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 tab
        5⤵
        Executes dropped EXE
        
        PID:2836
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.6.736322932\1587323713" -childID 6 -isForBrowser -prefsHandle 4308 -prefMapHandle 3556 -prefsLen 25875 -prefMapSize 228520 -jsInitHandle 1252 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 tab
        5⤵
        Executes dropped EXE
        
        PID:1944
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.7.1365872583\1303222079" -childID 7 -isForBrowser -prefsHandle 4772 -prefMapHandle 4796 -prefsLen 26047 -prefMapSize 228520 -jsInitHandle 1252 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 tab
        5⤵
        Executes dropped EXE
        
        PID:4292
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.8.1628595464\811512147" -childID 8 -isForBrowser -prefsHandle 3680 -prefMapHandle 3984 -prefsLen 26056 -prefMapSize 228520 -jsInitHandle 1252 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 tab
        5⤵
        Executes dropped EXE
        
        PID:4164
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.9.1449569634\255001193" -childID 9 -isForBrowser -prefsHandle 4964 -prefMapHandle 3856 -prefsLen 26056 -prefMapSize 228520 -jsInitHandle 1252 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 tab
        5⤵
        Executes dropped EXE
        
        PID:2372
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="348.10.1176444798\1530092868" -childID 10 -isForBrowser -prefsHandle 4684 -prefMapHandle 4736 -prefsLen 26056 -prefMapSize 228520 -jsInitHandle 1252 -jsInitLen 277276 -parentBuildID 20230707030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 348 tab
        5⤵
        Executes dropped EXE
        
        PID:3852

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4716
- C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4716.0.401303624\2043731219" -parentBuildID 20230707030101 -prefsHandle 1556 -prefMapHandle 1548 -prefsLen 21449 -prefMapSize 227580 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 4716 gpu
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3544
- C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
  2⤵
  - Executes dropped EXE
  PID:1668
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    PID:2248

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3636

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4156
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4156 -s 3976
  2⤵
  - Program crash
  PID:4668

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 532 -p 4156 -ip 4156
1⤵
PID:4868

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3964
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3964 -s 3564
  2⤵
  - Program crash
  PID:928

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 3964 -ip 3964
1⤵
PID:1980

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4508
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4508 -s 4012
  2⤵
  - Program crash
  PID:2380

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 4508 -ip 4508
1⤵
PID:1000

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3764
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3764 -s 3640
  2⤵
  - Program crash
  PID:1336

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 516 -p 3764 -ip 3764
1⤵
PID:4380

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
PID:2380
- C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3284
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3284.0.803696610\1434978842" -parentBuildID 20230707030101 -prefsHandle 1608 -prefMapHandle 1600 -prefsLen 21449 -prefMapSize 227580 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 3284 gpu
    3⤵
    - Executes dropped EXE
    PID:1440

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:220
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 220 -s 3660
  2⤵
  - Program crash
  PID:820

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 516 -p 220 -ip 220
1⤵
PID:1160

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0x108,0x128,0x7ffc65e19758,0x7ffc65e19768,0x7ffc65e19778
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1996 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5176 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5556 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3424 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5824 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5764 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5656 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=2512,i,4700995854758945807,4221080768973434344,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x34c 0x3d0
1⤵
PID:3480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a585eb2d83cd802e066ccef3bb88d092

SHA1
09e95904f834489ae85ac2007025e4bfe6f3016b

SHA256
0cfb17e6a2ab35d61855c36307258d7f5bd683b0530198c52d2637f1b878926f

SHA512
eb63f7996b69835c10b42ea0b45c40f9eff5aeb25adadfa8707228377a537d37241661fa21bf514e7f4a4f63e3ab0bbb226dfef7e6ec1bef08b61305fa833a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
39KB

MD5
6a3bb9c5ba28ee73af6c1b53e281b0cf

SHA1
d96e403c99c1707f82ea29c2c1f134e792c64097

SHA256
2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740

SHA512
6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
18KB

MD5
446d1de40957fb8caef6fd4810e483d2

SHA1
b06fd17295dafa6930a2ba76b5770c44bcb3e92d

SHA256
b8e73f490d10d09100c7cd6d6e9ce44ed80a74788aaae759800c4e6dfb94af16

SHA512
9e6c78ecc37cfe4abb0086a1c45cfb33bae7e4c38ac6e834f5b53042046034ac76fee3993a8e218dea0e341fac0bb140159b58fbe7c16d7adacfc33b1f959532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
88KB

MD5
9400ad7c7071864a4ea1375725559554

SHA1
f0ac4f688291a7835f564295befdc1c2caf88b70

SHA256
9607e527d5ab4886204529606a1891f24cae4e4e9a7246bc391bbdc7847d1d1a

SHA512
0bdb94d93e8938e71e433bd8d90bf5d3afdf5b4259d1791c192b16dd02466017a1b17e01a25757ab00c2574e36bf553ecb47d1156799ee5e260ce2f5c628c050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
235KB

MD5
042f76a75c5777a74fb1bffefb8696ef

SHA1
b18291f78fb4a18b985180350a147f35b4ec6fcb

SHA256
925356c19faf109d261463dad3d5589051b758da5dc9f7fc96cace2a98b02758

SHA512
6bde93318604080abddf7447a2cfa10b6785d43a17d73a59ef6ff2a5bff8ea503e6eb15ae60ecd625df3fbaeffff89e7dc31724287042c088665f7d7cb5b0b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
70KB

MD5
9985c020154ee9a945660caa9c202423

SHA1
25f53251f2bf58ed4225418a1261b278893a8d6b

SHA256
b4f04434a6e8804d138cc95f74c839f0e61bf8b2f61670d5ec9a84eb038d6028

SHA512
4dbf9517b3aa80186dbda15ac71b31708a6ac0e106d66168cf1e54e4b11dfbdbf77490af93fd21c5073f1abe8fb644cf1e8a8ba9bb297bcf63db8c38f6b2ab90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
233KB

MD5
e895103dc8da00ab584c427cdda797ce

SHA1
2ee14b4ca17da6184a8c8aa6bcdc600fa7a2f022

SHA256
2e973c09c400cd96ec998cf2a21d67ea069243015e01c66c6d6c97f64fc97b63

SHA512
905bf0f18c4a10464c292d262a65d343bd4ad9a5ae959997b37d12d5ae59974d1485c20915ed2fcf54c510ca87c78853279a577bcf729ad14e8eafc40756b7b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
28KB

MD5
7f4094accb2f4de3c96f156d4e5fc872

SHA1
748c871cefeb9cc79dbdcc76b6b17a3296fbe463

SHA256
127d204174461a85f97919dbc21403ced5f863b1c4bc745ed6a79d50d68d49e3

SHA512
0dfd6e5fccf2959d80498a5369cc9999925985de85bf9404288e06d34cf699b869983faebddcc8807a2b75258deadf7e2f7b592adf69e93010d8a26ae647fe26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a1

Filesize
181KB

MD5
4c75aa07dd23352ee1225b5a64cc6b59

SHA1
387c73c282f9b15d8f62b2c9d830945772c88c7a

SHA256
edeab1e3b20750bb1c0d394b111109c0c7ab74d34117d16ee1487cc1cb8c23fc

SHA512
a0e185b33114a19e6ace4b7f6af1983c45b124ecf4ce82f92ff832ad9a57ae895798ccd4473a46b9fd530831482b3ec3dc729b10c2c85095a54a6834c563d86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
28f9cd9819986a8ec9112a4e6d482eaa

SHA1
6cc15e88c9ccdda1dec35692430c1a82b92e3861

SHA256
4b6fc12b65e143176d06320c9644ee6f49330200726d30939767dd21d8e3818f

SHA512
a603337512774fc292e58ae08b2bd43e1fc9256355015a9995919d3038e4b4a445ee71a1cd696f26b94c49b424c9aa9167ac35da5f2d42c14ac29fe6c329a7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
544d2ea2f65d980e32e65895a5c2b7c0

SHA1
5b0067b8b26a2064edb39fa245149772c124403f

SHA256
1c57b9462a7dfa7e33c2fb75f93c440931a0a74cc5e93fc85337c505d68f783c

SHA512
48aa35abdd60b33ec9ddc5b618b6270730be5f1fcf4670b9d26f38f381312263a451ab2b61df0f5b68b559b3519fd20d6801359a334ab612eba4c15c00cb0967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e33ae7dd7d8ff72b94b3917188b6fec4

SHA1
1b357dd0597f08b6dd542f7808bccc5076d92812

SHA256
f175c7b7fcfe6387700895255b2fafcfe0ef3f59a1ea60189bb042c5bf0c5fd0

SHA512
0120068de1d20544fe51aa3c10538a37ea3d654ee2c93eef97afb234819d4d9753e189db37efd7bb90cb378775feabdbe64107edaa1b8ea4b173485a79a19109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
00a18217117fa16cbc0ba2c846ec0bb2

SHA1
a818ac515bfd6431ff5066c23e8ab96365ebdc8c

SHA256
1e6d971c1f9530da336cb6b9d5b4fdc7deb74028c2cb9fa7f44583d916de3879

SHA512
c9dd24f333dadb2c827595bd0793ed830b24facbb5b2833c7ed264e2c0d8f6b6e7eaa1c8da1a3c9d6723e86982c2f028ece7eb702f0b4db64d218c1f328f430f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
cdc8dc05e2cbbe779019129261182909

SHA1
98e7f959acbbd6f5dfb20e6e3498e1a2c3eebb0a

SHA256
54c956431c0c9e6ccfc04fcd3cac59624625f179b5765f2c63ee0b131a52c2ea

SHA512
25d7b3b82ae9646ffdd9a7f10a49b7441a2111299a3cdb568c72a92bb61674f374c371d5d280618f0582ac529f9ccf7ad4537d3e2a8595d917da7b37faf070d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
24435b06d2d9e46c3efadc087ec923fd

SHA1
4f00372a67ea97e4475205814cdd50c77cafbffe

SHA256
016337e503c3766df136c4178ccc8d92c0f88270e62a49478b77f846cb0582f3

SHA512
f609d7589305d51b283e6029b6fe13f82e2793f4f4cceda31b743f5c5f5f0c04e9e8296bc85752d262951505d70bed3fc8f6843c5c534fefb6c38dcfa49e02ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
45fe99900986d7237d79f36737a0908b

SHA1
bc7b8b151be5fb2b1549e1f1f9d16e3768e10f2d

SHA256
997d61d8d96de7975c339821e0b55cb48fab19dd1283f0971ce94ad7b6e4b8a5

SHA512
cdfdfc29c27addb2dc1ba982dd5835f16d0e388a49b67d62a543474606e2d306da9730bea62ae78f185ca96f52cb0f6b8b70a96875cbcb1e686c32a7a5323905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a54a09dbd233035cc28250f548110355

SHA1
30ac6185913c7c27e3250cd04816c0492ad1a09f

SHA256
c5d4624c695e38324fd5a089c11902fdb354891e7f101625aaf7ca1f66358140

SHA512
a32e0ca01be90c940623fb714830094025ac277b10a828cdeaec66fe47b3a9e10f9cf9b6fd14e9fa66c644f3a15192c59b5bb7ee06ef78f9f75c2ff01e33b215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e4f9f906028453b520cb81e6db176e64

SHA1
2b5edde8d3b4fa6ac4a7ce061579348458b85c28

SHA256
8f6e3a1a8f128b70f6ac54572e86a9e0d6a9f7e16e8bcde8ae15a665b4acec7a

SHA512
e293a995bedc61371d3df56eabeb10f63ba9de160bce107633b5f14330ef5c0a3f9e806712d334e1a2200ecc53e8b45f608dccfb23a937d45a3fa6a6ae13d316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
41ade5a801623d21379ab752d5bfbc66

SHA1
966f47aa2dd2808a9963ff6c37ab550e8d7a2e45

SHA256
d061b9793ce2a7cca7be74b91d74f7eefd987a3760636080e16c964293ce415c

SHA512
5520c6262a4d1f4d599cad2dd8fe5f2f442c1bf9211d0ab0c5cb3ec17f6fab5cea84d73c4dbff9f7470a95411bf776d2939d0ad7d7a3f1fca800cec3d09baae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
3976066b737e99fcc9cc9e51133903a7

SHA1
742c31719b033d605ff8de748d889ef46ae00304

SHA256
cbb2c6abc5d94eb50d5e5479008068372e05b41ba3d4f9b6069981d9f6ab2bf7

SHA512
0fb052c77d74fdd58835b97b624ffb5156562d47c5e09cdf4b4c6fc30fa831d13af017a9a7c4a3cbe2a65d631add6038abbb588b5dadd177e848fed1bc562ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0ea2f89d89b3e7eae5038204133e5e8e

SHA1
f7931e3e4ed449c41dacae8b30aa37c191091156

SHA256
f167c198472372150d30379d18de724ae7f3b372ada4c1b64040417ee5c76816

SHA512
fb90c7ccf02a6518536fcaa998411cc4bbff3163974a9f48fe9e70fe04f87d7cdaf5bcf8ef0010715ea56be7aeec1d55a92a1b8be0878928edf038f870215a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab61e7d0dcc12b189acaa77979c4ae25

SHA1
a4c4a0c700b48349fedb69a3f2b5c7d042130b5f

SHA256
033c8001955bb3e548577ccc7b737f9c625ba96f80d81393ebc1b59bbe97ad75

SHA512
9b25fe73408778f0de1aaab12b6a646ba7e5767dc9c3b57d298fd197365d13852991435aa130597208ee1e4fb26df472d7cc97fd15c28f57aead8a4197c96898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9e822b89d952efea1defd6d61739582b

SHA1
5429092ad6ce686701d17917f3ec6fb2efca66d3

SHA256
fb9c7a921f7ea920901f2f70d8d05c49743f27fc910a1f9d0584b04c699800f0

SHA512
cafc13175961d5ad3ea75cb3ca43c079363e94b07a9a28712544f5e72deaec08a76b44170e18c60d66287043d4fb6a9dca1b93baefc307e96775b8efad1b9f94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
445b41c1d8a56fa0cd895f3a0e750dd6

SHA1
4b287b1fd5f63b80f45a76da67bf794683613d53

SHA256
ab4d468d4d32cf5db115a81738a0b217ef6b81c3a2e8354ea36756f61457e8d1

SHA512
f057b1681329431f9bac87458ebd7f99bc8f9b0dbadcbd82993e5381a88dce63a18b146a9da77b9332aeea2d662b6b8e285e2ce20b25c0f5cc1d5211a24c99c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d8d1d4953094564d2b39d4ca7f353571

SHA1
deb1de7e1ebc7b6e8f2c53a9b303b7cc93f77b25

SHA256
6a686093d04e93685280a24d0d70597c77d59003297fd8a4c3d873276ad4ac62

SHA512
bba3e8cc22d1e8c55ac1edad486560d7dbb5dff41355f43bd0e3816c8a398d501869b2bad1d9663372b52473edd2ea3f202df7f0f29843d307a67f1b8660f583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
47d1d9155d0d8c8686970f2660b7e8c4

SHA1
da5dcdbbee0f0297e804a6d00ee661ffd48bcd81

SHA256
fccb3891930a5e51a6a8446d55520a818c66c03ea61f060243b7de8caaec174d

SHA512
637edcea9a12f00497060276e994578771f91a19db7147f87ab5e54b2a8ef4c0e3d11769cd1cd7591efb40b46068c482d3c8bb2b9c628ba2a836cf98b9b70739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ac779c19996d6f6cabbc440833ae0c89

SHA1
74cc01ebd72ac99ec9660d899168a05ab533de2c

SHA256
604453e1189e8aac0bc8d451a6133a720a7fe32e45790ccc31b6d668e4c4f2dd

SHA512
2694296111462e8a4391b59fcd2d90f0cb6181ab3b7d15cc8bb1e039d037b57e71f22e65164b678ce2bd256d47c86f5880ab1d372a2456df9411bddfa390c449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
84978a5407f2f49abee05a63bbf46cf9

SHA1
231d42f31d045a052bd3a030c9f8f9cba363d194

SHA256
7c0cd96fb108ee7999dde50801a70a556b5162eb2e580230d7625ac715adceb6

SHA512
8783df53062d2f5331887ebd0943e952068238a8fbfc01edb0e7ba9cf20594feca82f36363babd543b79b7b85d64919d76ccf547d8bad5050dfb3d690bce39bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd893a476a20fd2a84cb9b9bfecad1e3

SHA1
83212288ef77eaddb8cdad5ed68d15a0a5fa52c4

SHA256
887cc4a6c2daf27e5210905e77ae88dd5694be29ae52e45cecae817617c72f42

SHA512
9672aae743963634d5b720bdc9eda7b9cb04376b1612804de4b74a2d7df8a076fba362616be213fc6423e3888db9e48a6247d85036d59210a9c2ce3d873b6094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
60777d444ab648309aa7a027ec94bfb1

SHA1
533b6fa7ad71f9cc0c76ee356fd05a166b174f46

SHA256
29a26e39db31364688b589b54c2e9149ff0ab6115cfbdb8ecbab0c28f8246f52

SHA512
763ef26980bf503e087a37f0f3227a8aae6ac57e0d77c11a4d5f7038f2d1a53681b75c60aba2b1d43a70e026618c8c51daf6dc29e358bc3f4ef560e2a590fa32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e64c3cf5d708d254c0026bd9c2592434

SHA1
d65c5600ae28804b4fbb24098092770f8c695645

SHA256
1ff2e148a9c66aeb00fa7ef0b330d815879d468ed2f1276b55c740e5444e6f33

SHA512
901c8c91dbc05276034003426a457ad0ecf34d0b6711041c3356e4da11368053ff2853e27b6e5b04952bd6feff2fc86fdb2abe9b901a76f068fa13c0dc589a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5058de163da745cf3a3e6268b4dbe4e0

SHA1
80681909e77fb9a45f5ce5d6c3e52d287311c321

SHA256
8292459f85d8955f06af1b9ddeac9d9ae78f84c1fc7b7d19f9658d8a1add7ea6

SHA512
4b6cc7de0bbb07c702ee840af860316c042a0cce45228cfdcb43459ebd645b4fb8d7e41fc5a0cfd3a08ce87b69c768e6277242e022848dd0ba5ab2473edd6b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0e419d69c1db71babea301603f857810

SHA1
a25f76ebdcacb218db3389272c66c3d6ab9e2647

SHA256
22ceada935ab255205b7c1003b198739f6db19f86cf79ee357df61b4889274c1

SHA512
ce80367c8f09024a48833b185c24aabb32518dd9a756a234b2781b7dc796dd1bc1dbf030d0c7da51563d078ae2e02d75bab18a4c6c544798589aafc7b2a2e961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
361ed63204459d42cee34246e6613e5c

SHA1
8caa650ac0430d1753f66b635a6dc00c180f2d14

SHA256
01f001a50f1d47910fc9afb0924851a19f446289942ddf635f302114024adf45

SHA512
15f49d9c7d0a8f3d18a8b520040383d34d97fff573c4dd5ee9f6af130001f58b6b98139a4167c774d844738698464e637c5296ea97a525a327210c4bcca9401a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca8093e51e3e4700947bee1bb5aed80b

SHA1
a8e167df8819ca0fd73663d749fac0d059644b9e

SHA256
ba94ef5ab8bcdd78a7ef8ce1cf0b54032d948309ed5591f53adacaccba76b9bf

SHA512
d47e27d45a082accd9d577e9b22d03b6c50b0ce1da574149f4ba7791db94890e7b12ae93a0c8dbd69a12fbdfbda0ae759b89deb9be60532a08e7613f2801f507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4b8f2dda133e91abe8c551fe3f9d6e35

SHA1
233d3b1ae69bf4bbae037abb5151dcb547fc080e

SHA256
7860f5e5cb8894cc4ed020affe6bbbe8e06e3d261675f25e5ddb3d44ff7a3312

SHA512
08a3485dfc7f02902a6df018d568acf7f8e2797bdfe623fb893ae5783f54d6e3b258a00a63af15ada1a026a44ab911722b81def4989651c9426967467bf099d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
89119e0fccfe10b0a779ff3a35d33833

SHA1
aec015bd1b316be7c2c65cb64192ee6db1d2ac93

SHA256
524afca523fb46b4c1fdc4b3c021649390f3174ada2eb5235478d1d74749e6fe

SHA512
caed1cef1d21acb46af46ce2b733e13ab68863536c1b55e5cddf2acbe42256c6548f4b530f117e3af57839157ce4d17fc466e1170183abf2cb26959d42359e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b84c6f3220e4f55ac26f2abca229e4f5

SHA1
56cb59bdc40e558dff30e7d7f43e21aa0f8e7c5f

SHA256
356cc9e20ce0a7914e13b41883095c818910b48361f148276bec1cefa8d41a07

SHA512
2effaefbf4eaf4a5033d6ccbbe5569a6943e60ca8fafa40cfb0fcca2ef0e07de7cbc3cf12ef768fd0b0a45cd122693adffd3290f3a62f4e7c7d909de5a552773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ff63032c2a291b7698bd873ad839866d

SHA1
fef9258f8563c7179a17e6d2fc044ba3f9651584

SHA256
22a4ddff26801324ab362bb8db0271e9fdcd11d2be48f9f8370fd6030fa09ab7

SHA512
c75ef5a4e82ecc786fa75aa420a93570997265bc6992c58a17fb3685047a06b8097f94e3d20a806d6ffffcd2646b44fa4a91ee8c6b4ecd69968419e9ee465211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd0d15322225cf2ffc1ae9ec89b70c1e

SHA1
1a021134201afab1235237ec6df6ba4d19fbc67f

SHA256
c7e1d963a1e8d415c5efb70b289d57cabd2f6edd1ac074593cc7d1333481b4d3

SHA512
07b25c640016d9010efe0cdcc06c64b294cabecea19fc14a9ceeda4dfd0e7b05493ecb9f064df05c76a4097df3fa9bd336ae78dbd9f48cc65cc3d5b483508fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
831d7988f9fee70babd4244b4cf65d1b

SHA1
ad90654daae87c5abf94a655622663d6ffe6142c

SHA256
721c810cfa38ad0c66a607ebc129974b83ef3dec0379fe0a9808b3a4b3e74bd4

SHA512
b0fbdafdbdba76dcd9741d417e6404eee7f52d70544a1ce4ae685ea27f734a389b5bb1e8e3ce31c76547ce3fbde5ff9e21e4e0558da1f3a3eb405c85308dcf64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5786a2f89732e222425de069a2ef9872

SHA1
a361bbb02de21a132c44110f465bd9e6247dbe49

SHA256
beccb80696703a9500b6db63e6a0206a34a8350fd5893225c9595695d0248bea

SHA512
26a80bac31ddfd986f1bdc0b27a47b4cac912d0408502eb24b0fa3704f1de0f5a38136e3285da92f44ff8b5b0d93101d3417b090473cf43727340aac02387060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f058d579d87d8700b3ace47ddfed6e51

SHA1
bad0806cedbed4b80ab71622b004b47b6c7b5469

SHA256
bf0e1580297c70f0feafbccfb96925cecfe5406ac321f128ea8b9d78e2047132

SHA512
0725c2b778674ab8803704e4b09160db1b2317004139292020117b982999dfe056d057c77851e33b0885a7abfd3037d99de24face8af4ceb84956284cf5b472f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ec65f26ddd111355fe8df63ea9cccf89

SHA1
0e2718eb61123995b9911d7fc2890baf5093da5c

SHA256
3aed3ec90358f6e909ab535da1027b1429717e55c97ff70fd1074c6fdedcf807

SHA512
53e7f7deebda07f038b8dd2925b64a0e6ca0e6d19e4633c8df4080b8b72909aa2cfe6753741efeb2e46b307fcd46beb315a51d5237e5c8179e40ad2f4157eb29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ff7ebe2d6085efed04abdde8e1eee4e8

SHA1
c148e852dc868b58aeddf6684e0adeb092781ba9

SHA256
fe3ff7cb670944d22b0e01241a277b12fae50bd6b6a1640c4c001e1ca9ffb7a0

SHA512
edc9b045fefa4b1ff800b8c8b7fafec864df7a3e9abe7da4d86b6d84448e31e2f5e37d3b35963bd31996d7f40c73883b3e21746914abfcc5f432c65efc89d90e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe602e86.TMP

Filesize
48B

MD5
96ac4441f6e856fdde4d6088c47b8d40

SHA1
e0a11e905a9dd5e68c484e7ddee4291f4df2999e

SHA256
95f5132dad9beaf3f13e3779ed6d01affa50b589bc6a2740c681efb1afcb78f4

SHA512
5d4ea4cb38be6a86ac68cd7f5afb64405284a65cd313b2a05f6bb183f65ec4c837f17450cf5dc1822cde72daa8bbed2c6f9f48a3b5229e5cce1cd6874fd02143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
ae33e1ad4d1a6690e7a8a4572418040b

SHA1
db0ab8957ff93aad074215265e634aef2091d6e4

SHA256
0dc874e5eca57c7b3aead83951985c76ca05ccf24735b37e29640b1930943743

SHA512
fd4e5e3a4031443c5d667d5b04f6acd28f874b475c6131f40503039eadb9c3979d3f97084f25e0fe8869c034cd262a2134553e99f91acab469407d8d24df21b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
279682c155ccdc98df240bfd3d68b5cd

SHA1
f87643590ace4f9d4a423f86b3d0bf734a9f4a3b

SHA256
bf5a0c2a5b33bbeee0ffdc15cf31d47faa7605218b72b0ad21911a02b85345c3

SHA512
eb42d643f0ccd896b1f832c12ce64629b55d08439bbd56c2979a4e86cbf8d47061b0d4bf3c31260884fab6a70d7452016f2ea446f9085f3c28080421f942d030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e8a3f50fddc2feff97c0a43e9c52c576

SHA1
0882b8aed90832360a7e3fa23326fc1fafde6a0c

SHA256
ce9cef9c68dd2a2f5f83a1b96a0e6a7ad77c14908df68df4e73900d556a85ad4

SHA512
a80e3c0c013b55b98b558628ebc2dec0fdb6ea3bde04e41d5dd800f841229acf3f720b9eca4565215196310f535e4c46f53086c56f516aa7ba2ce86cc7df869f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
89983c68474dfe795d6ff63f7960e660

SHA1
4c64252264e0652f78a7f360dde8beab85c94e0d

SHA256
a3a596715e2defa64417a1292a04f4cf7eb5e9b8911e930870b396f706000b44

SHA512
d0ebb9363dee5ec5f46eda180b2320e383f90b02186e059ebb451d254f50f3a5240ac8136ed4ddca871277f1cef740ddedcca1e869d67754eef42a345d1eb831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
a5d0d86f3f66eba712eff64de53e50bb

SHA1
bfdc5a5eec503979aa2293aa00601ba6c1c2cd3a

SHA256
8ded070cd38890b7412d77cdaac5aa66174166746236fa3b0be4aec042cef1f1

SHA512
dc9166dd6c87b916a64dba6f9d0314c8668713535fa7d661e4403be73f57a54a904644a528b90566b7c1732779bc7385877d82302ac17d2db4b8a79a1157d908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
4503a8918f5c0755a1a7d63a924f376f

SHA1
ce2bf675dc12a1662398be0034e654e500bab23a

SHA256
f2bc1e09293e5c15696b5cc5c1c275390513af074cef8c6feab817e7e027f462

SHA512
562e4e02752b4180f4440dea4519c6b62e8b0d3f5fb7ba9017f5d34bffda0fdfd0cc5151b78afd8ff3b27d4a73f409f300e1738aefb4adce3f1151e68d390ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
a1eb07d6448876ddaadcf1623242fd52

SHA1
9590c562f95c34af763f51d302e0b080620d14cb

SHA256
98e188097c4c88518230175f9f5c8c7f543237994e2a9c279e4168b40ea3dc9f

SHA512
3a75dee1328e391f2e01a99b31d02d1178c8dfa1382fe26d897b0dafa82a8777cede0943da859c59cba60bb72b25c556156f104c92d914a9c27f009080958744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
c5f10df1475ecfc2e182278fda4efd62

SHA1
a40184f15bf2b9f0d6a97390ad0d80c4c7d9b414

SHA256
6642f53ba9a4da652c2cc4ca44e1424ae4b2e85f26b76037de144a6acf7eddcf

SHA512
c30062621efb052402ac3824c75a336f4498bee3bb71946710855bb0bac0262e564de4c03f1cac3e16d0e303ce495df38b87de4f22f27c4355938c978b738a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
4bec4278f6a46dfd725be820bb608527

SHA1
197b971c879667d56f5b6bca17ee13d7077d28b5

SHA256
62a6ea8a915df10ca737dd342739b7b00ab2a527adcea3a888af040085c9daac

SHA512
470d153bf9eebc7d51dec9584022819ce343f2d525dbc289280c86fe030b3a4aa1f1a71fb5c5375b7da8337409fe78a2bb4c74b8f9030215327093288474d965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
be28a77418270fe29c88c79f681772e9

SHA1
ebebd140132d69a2a4b7ea75d99e14391d4cb82e

SHA256
ec584815ce54604b5e8bd0926a70befd03d781c0ebec313ba8ffff8e16e57f60

SHA512
fa0fbca7236451c288510ef40a8ea80da9a7fbfffc53da4c2b2905633b29c22da2cc2146baa3785f9d9790105a59468f174722146e438225c9d4980dd943bb68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
3cd640892f35d3fc6d5fd7021c160193

SHA1
b9a97e51b6909bc676e2aa3590d173b0c1dd1433

SHA256
4cfa00348e6cb97a184eef715c3c249be163c205806d22c67079b8c9d785a3ab

SHA512
1d7897c1c3c96fb91a536cc71241d520d2460eee3a2984d2f363de935f9408cecbd00a429c413c3aa78ba60fb66007b71c553e0b3175599cca8fddf662575124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ffeb.TMP

Filesize
101KB

MD5
45917bfc651b3d9258c2452317afef27

SHA1
930e8ee32111de854dd2dc886f0e6b1459ccc1db

SHA256
aa4b677aca56c73ba5ef04d5530ed1b27e556e350f0de4d9d3e4cb94cb1662bb

SHA512
ca79345ed9e9383755510437d7ce7ee96a58b54d6909da3b665c95c3825c39abe978fc4877ea5ec5fd82184d683166a0507f85fd2a1f89898e301400c383e978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml

Filesize
96B

MD5
ca164f0f7f747b1e307432b30c0ee059

SHA1
4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

SHA256
d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

SHA512
c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{0A6AC72E-ED8C-C16F-38B6-05831557CF24}

Filesize
36KB

MD5
8aaad0f4eb7d3c65f81c6e6b496ba889

SHA1
231237a501b9433c292991e4ec200b25c1589050

SHA256
813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

SHA512
1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel

Filesize
36KB

MD5
fb5f8866e1f4c9c1c7f4d377934ff4b2

SHA1
d0a329e387fb7bcba205364938417a67dbb4118a

SHA256
1649ec9493be27f76ae7304927d383f8a53dd3e41ea1678bacaff33120ea4170

SHA512
0fbe2843dfeab7373cde0643b20c073fdc2fcbefc5ae581fd1656c253dfa94e8bba4d348e95cc40d1e872456ecca894b462860aeac8b92cedb11a7cad634798c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133371544798559541.txt

Filesize
76KB

MD5
ef6a6a0622124ec4c71e783d15205e1b

SHA1
14c2719fe9e9c7c7b8475b7b33f0587916f1679e

SHA256
e9f4f2099a3d2fb5d1eb7591563b19fc7c8b1caa9d44c8737042e57edee38737

SHA512
7bd8569bab1f368c9b808d51aab1eb4314e8cf672beb872f1c50d56a4f4f88414f1c37859c318173ca0b13e51c161243fd25a0ea4e0191b8a99bc23214b06d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7591.tmp\LangDLL.dll

Filesize
8KB

MD5
a342d5a613dcf7e57e1f1a1bd4dda897

SHA1
5448bacb7ae79fc1a35624efd130be31ad914ed9

SHA256
58d4aec72eed0f5bfc6d0a292903a4019f406c00f5017ec29831ae35b108a72d

SHA512
5c9d3976cda336f59720584b2e5ade882a956485033ad14ce2038b04388f19daf2a379ef537ee327d36ddc24984d6fc3be4d51f75f73fcb62c1f214561c45b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7591.tmp\LangDLL.dll

Filesize
8KB

MD5
a342d5a613dcf7e57e1f1a1bd4dda897

SHA1
5448bacb7ae79fc1a35624efd130be31ad914ed9

SHA256
58d4aec72eed0f5bfc6d0a292903a4019f406c00f5017ec29831ae35b108a72d

SHA512
5c9d3976cda336f59720584b2e5ade882a956485033ad14ce2038b04388f19daf2a379ef537ee327d36ddc24984d6fc3be4d51f75f73fcb62c1f214561c45b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7591.tmp\System.dll

Filesize
25KB

MD5
a6797f5ba3cc8c13da1c4c374bee9788

SHA1
6e085737a7daf91a2536ae38356bb1786e310469

SHA256
0182ffbba0cc909677cdd00654feae5e35ee047e7c7b094f3b5b320cbed21aaa

SHA512
da5f8eb85faafb26674e31bdfa2c5d8f2e83fef5f4bf1a14aede4fe36305cdd39c0394df65967f85d33fba91a9c083f1c12145bc7a1b4310e89adf93e366ac1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7591.tmp\System.dll

Filesize
25KB

MD5
a6797f5ba3cc8c13da1c4c374bee9788

SHA1
6e085737a7daf91a2536ae38356bb1786e310469

SHA256
0182ffbba0cc909677cdd00654feae5e35ee047e7c7b094f3b5b320cbed21aaa

SHA512
da5f8eb85faafb26674e31bdfa2c5d8f2e83fef5f4bf1a14aede4fe36305cdd39c0394df65967f85d33fba91a9c083f1c12145bc7a1b4310e89adf93e366ac1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7591.tmp\nsDialogs.dll

Filesize
14KB

MD5
7e1708ebf215276eca7284f19ef12c06

SHA1
d9e10da2c0cee2ed5f05ceb550c00a8bdc56518c

SHA256
4401d9c3cadb5845e0e899e3f7ef325e2f02cd83a982331acef193fed20ab7e5

SHA512
4e7aa02cee85184a8362f2f52d926de318a3c2cf3b8beaed47a1c0f975c5970b9f922996ca584d450c6b165654f2901c4c3615c2e317c3cf0ccfe007e686a262

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7591.tmp\nsDialogs.dll

Filesize
14KB

MD5
7e1708ebf215276eca7284f19ef12c06

SHA1
d9e10da2c0cee2ed5f05ceb550c00a8bdc56518c

SHA256
4401d9c3cadb5845e0e899e3f7ef325e2f02cd83a982331acef193fed20ab7e5

SHA512
4e7aa02cee85184a8362f2f52d926de318a3c2cf3b8beaed47a1c0f975c5970b9f922996ca584d450c6b165654f2901c4c3615c2e317c3cf0ccfe007e686a262

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
20KB

MD5
3adc9accfd1d3a0f210ec61f92dfc0b0

SHA1
fe4c97e0a953423735957064bcf02ee67452708a

SHA256
fe6aad062dfb203104568e14dd2a9158de4ddc15825da05a0c0e7b6f221716e7

SHA512
5f35eead185adbc440530184dfe1ab4cfb1a4337f71dbc2223b671ced9c272eda6b6670f1113e275e7f50224b34ba1b0a8daa437751a9ad6bef640f9459e0ef0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
42d78090391c53ed96544c7f1c69c754

SHA1
819cb55ab45ca0cb8d3d8512fd38196176c136b6

SHA256
3bd3e3684188ca5e7da7452b209e9e8f48fcc8ac9e48def6292b111aea8d6666

SHA512
2bba577a9faa955d79b0da6aa5b85ba2f1b072e9ec508133f02c3c3cda82197acb56400b91a593ffd64bcc66a1418df234cc6b1e3041d3c40c37f62e47d5bb28

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
024102f1ffd40367e7173797e149af9c

SHA1
cd5e2c0149d23fe544bb4694d6f17839f4cdaa56

SHA256
61ee83077c772b83b2db7b687d3f93e73fe398ca16a2a267818d8ad6eba905c8

SHA512
5ca865121319d60ea96d14688c49e07963e49dc6dc7928f9296c1b90bdec37da70b9b97c3f9e37f4f43caa0f9135e5e5a548f1bbfbf7fb1b3500c3e727ebbce8

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
aa745123e29dac20116cd9e92208f216

SHA1
336f31f42501b9b72489f5a968997fe1164ee578

SHA256
ff19a9c24bf2c84be556539f1db367cd9e5960bc687937e7fd99279df1c7343b

SHA512
dbb9089ba78cd60730e8873d227b7a8dc6a843635c80d3489fc40b5ff7d3b294f14e935fd96a15ade4ed648e55e929a944aca98c9f406079703c82c8ee61bb77

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
a9b56f51f435ce60eaf856c1ff71d2d8

SHA1
27c10f5bcfaf301885bdf67517c3369a25b70d21

SHA256
21888de67787dfacaa8ccdec22f7f0c2fffca71265ffd1d1a0f6642a194c8e30

SHA512
137c09841ab29a736f2b572f28512e5acf106e01e1bb3a61b432f24d36cb805ccd1a4567a965721f5d4d17fc97c1ca4012891a05dfe756ab95f4d20dc310bc14

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
d6049318c00a1476f7d520e6486a252d

SHA1
cf03d3b219d83263481484e46a2bb2e1439b955a

SHA256
666affae59290e3930ab82905c74139d7fcf219a38128175aa554ff35f38a0c9

SHA512
3c3c3f6fc9249cca9e84e7d1dafc90804ab648b425c098d9729809b403a3d279a5696a2eebf9e68872c8f8cae40275bd6f7c2ef310329dda8b8384c464b81956

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
326607fc234819d28808d95df188cd25

SHA1
41730c4869d4a7385216d66247de9e5b7294cf81

SHA256
fcdca1583a988733d2c2fb018151f4964cc07c7f5692a1013b2a64459b2dba8e

SHA512
ee6cf2a00a48611bb7a8306ee8e2c383d6f046e2832291f8d70e787f1e228ef9d8d549a7e3c5ee3c3938eb8b258e412072ccf5f3f26970b82ae11c2085027e35

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
34a844bc40a99d7b8a8a76d2bfc7aa65

SHA1
0635efb868777674eceb184304c2c0e81a51c8ef

SHA256
cf80fd9e0173a941d9e4cdbc2f523c0266facec2201c4cb564e4ea6ace82077f

SHA512
8b89737b85fc277c77d7e5cf068342e8d249871255431a497b051534ddfdda284f2a3054691256e603e3deafdf68dee70e37a48c47428c050f34b9041abdd31f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
51b398dc59b401791a1e57bf91ae0a39

SHA1
50d5882f66881f18ce089dde2bd169e6c6303031

SHA256
9ff3f6c1783d347fe5e986e4757bf26de633bffcad84e54e9dd15f2f0bca0764

SHA512
8de7a50a524a0ac59116d419419dca631cd3b797cfa218feb04bc0fed0b1fec56f58a508e6864366136c6a9adca3c7120d989bb22ac507a10ed681a350b7537a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
4KB

MD5
32817ba562c8f8e24b3612d043b72573

SHA1
7ee283ae9e57f8a9fc5fad66dbf761d9298d37f7

SHA256
7d505d1d1d902426aed1edf735e3138f4ae4124d22832dae60f91b05bf880fd0

SHA512
4cf3df497686c728d697372e5417073ab52cad858cd87291690e8fe5acae6c1c65818162bb6114c7315c28a74e297195bdd02da5aa998fb0a048708dce8d5a49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
4KB

MD5
e6aa1f1b36d823c8ff67e6f7b72f8acf

SHA1
4ca8bd6dfb9be65938c702066ae3ea550d9878a7

SHA256
4798d751a3a6c6479f7d508d25ce39eff10de2459c6095e08f8535eb60d920fe

SHA512
d5f1198037196e35f45474eadcfb1c5ed20b526307351c6f51f47792aab0af8f3f4a89dc4de9e7b45bbe3d6138e0f28138b7d8d7c64f49191494482f7665f4fb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
20cd189a63fae964cbff836172bfef06

SHA1
3b72cb60661d954f27ef78a9ba858207542e2823

SHA256
3f3ce7a294ab5c61c7622869e4c2f08d75f2cc4f685ad5cfe2dcc85533ce3baa

SHA512
87e17f995a32b835c407783eafa76528ae46d7510f6f7409aedf572c61a03d9ed6330dc72b042ee79ba80bdefb28b28e38bd40f27e46c4f75915ebe8f0ea61a9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
4KB

MD5
c77ef2dee0db86efeb8dd58ebebe7dac

SHA1
2fc8f6ae1f7ef1c993a8e22b0f9ec52ad57b41b6

SHA256
164669109b7024169a563de7e83864cc15d5dafdf1b2fe2925eb96e1aa327fe8

SHA512
5af4521f64260c464221094630a73d77eb9c01c0c86697de2d7dcf0f7dcf3362ea9f68dab4b013952a87fb7d454db1d88aec15e8dc1dfac0ec6d9e8a3fccb527

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
01c9977c8540d484c677bebf2e1d495a

SHA1
f1a37d8910342f7e0f417b062da715c185b43d83

SHA256
5ca720f951f0ee398e1bcb17c5f1eea992fd191dc34e0773d874d0fec373a9f8

SHA512
ee88119bead8ee10adfe3332d73e540b193aa9fe7df06a8f52cf355dfe28a4c352e942309a61327091badb13c20e7589a697a33f68dca2331bdb3412941d7ba9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
4KB

MD5
d24c99a65b3be128bcd6c599f01d1a49

SHA1
cc0712b2d001f4b1e2408d956a3965412cf25c4b

SHA256
dfc7a3ad0829028aaeadb43805812c3d3805f10bb29374f1cb3e73ef2397e79e

SHA512
c6005d4e46f81bf53cdeccbec602831f37c89fbfe1b8d39f97083a96486e0e8614894c07ee31335266bf41342f86f407ffd995ada01a5eb9ef67430dd36c5c39

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
76cb46cbfe810f8413abd6bf8a0ccc75

SHA1
9c41a3ff984b573e28d2157ccb916ac76eb16e01

SHA256
4a6d2a6d9932d0f7cf3c31af3f7c2abe341e500b47fc758ee395c4dbd92b311a

SHA512
1bece07976229cb6f4e67c9d8ef5120a653ac59f5273ae94fcce2c1f592d3955d33dfd25c2cec07cd2baee005e461e46a6f0d2f814031dd7d88a4292b2ddfa57

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.5MB

MD5
188f5e2072806ddce2478c4000913ba9

SHA1
b2d4e104ab2246fb29ea5fcc10cca042c1cf88a5

SHA256
0f33a6109b4f1e45f2ba87023a9f78e7db98116cafae4cae110aab6b691cac14

SHA512
d1c4fac5092e087503156ce23399f59fb78f62e208de6c1751cc9e9a43d16494378380008bfc84157fbc84a0578e8185cda1ce541ccfdecc8be491e4d27bd678

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
19.2MB

MD5
3800edd9119038a182a518fc42a9e08c

SHA1
a754c7593db7606b12ae0c27e7cc77dd49ce7030

SHA256
720e7d6030b984626d93149a4fcacda299b7ed756d74ac1ee704d7d3797134f8

SHA512
40e5b3497a6adf827cce49a23ed92ea121a2c48bd0c2ece99d7055150c4a3c1e8328c0d13a6ab03b6c0c2ffd37740ac72eae0d6d7b280752a1cf2a69a5aa230a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc.tmp

Filesize
493B

MD5
d93a73d948d50b974a413f421c29f8b9

SHA1
3f88084c1aa91281c8a36d1978f95492a0a588cc

SHA256
1c7f544d701123dfb9bdef5623e0fa2483edb3d4125491f95cb2441336ad9325

SHA512
b8420d9afb6ef28eb00494de9fd74b6a2929fc4063090b2838e6afed23e83707efbb23b745ec34a8f5427ae323881f770e733d8edc6f4d16ede0aa1a30d5248f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
24.9MB

MD5
5b7005ad84b5a9476753da091b008bb9

SHA1
d4c4592f9d9b57aec1b8591200f7aad169676f7f

SHA256
0f500b0d1f9586d3b738a9c652722cd43e3cfbf20a249640b2e122c894a88a8a

SHA512
9de9b9344d0a1f01ff87f5fac5e4ba04188c35af8e6a0bec63cc0fb7752fcc2667e3fa19add43b67a2fb07288faac9d3d2562bddeaec4e98cc1b10b45ddd4454

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
fa84fcfa11fb1b7fff43a015ed1ac031

SHA1
e9442737fdb88b29b44e9bfcbd6d3f221132d0df

SHA256
425d164c07e19a5d2a58248e3321f4af652ab272163a115680de9d14b0da5790

SHA512
60647e0cdb1b06539a5e3f4a149140f52cc68a5e8d4f49d8e0cbc3f2b7c8372894123589bc0387c3f1dff56ebfdbe990867a053757d544b5ddcc57d30d6dd3fc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
fa84fcfa11fb1b7fff43a015ed1ac031

SHA1
e9442737fdb88b29b44e9bfcbd6d3f221132d0df

SHA256
425d164c07e19a5d2a58248e3321f4af652ab272163a115680de9d14b0da5790

SHA512
60647e0cdb1b06539a5e3f4a149140f52cc68a5e8d4f49d8e0cbc3f2b7c8372894123589bc0387c3f1dff56ebfdbe990867a053757d544b5ddcc57d30d6dd3fc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
fa84fcfa11fb1b7fff43a015ed1ac031

SHA1
e9442737fdb88b29b44e9bfcbd6d3f221132d0df

SHA256
425d164c07e19a5d2a58248e3321f4af652ab272163a115680de9d14b0da5790

SHA512
60647e0cdb1b06539a5e3f4a149140f52cc68a5e8d4f49d8e0cbc3f2b7c8372894123589bc0387c3f1dff56ebfdbe990867a053757d544b5ddcc57d30d6dd3fc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
fa84fcfa11fb1b7fff43a015ed1ac031

SHA1
e9442737fdb88b29b44e9bfcbd6d3f221132d0df

SHA256
425d164c07e19a5d2a58248e3321f4af652ab272163a115680de9d14b0da5790

SHA512
60647e0cdb1b06539a5e3f4a149140f52cc68a5e8d4f49d8e0cbc3f2b7c8372894123589bc0387c3f1dff56ebfdbe990867a053757d544b5ddcc57d30d6dd3fc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
fa84fcfa11fb1b7fff43a015ed1ac031

SHA1
e9442737fdb88b29b44e9bfcbd6d3f221132d0df

SHA256
425d164c07e19a5d2a58248e3321f4af652ab272163a115680de9d14b0da5790

SHA512
60647e0cdb1b06539a5e3f4a149140f52cc68a5e8d4f49d8e0cbc3f2b7c8372894123589bc0387c3f1dff56ebfdbe990867a053757d544b5ddcc57d30d6dd3fc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
44KB

MD5
5f054eda30ffaf24206ef5043404e343

SHA1
71d2f3cb90d4ea170f108ec0d801fd1f9ab9d1e1

SHA256
28ac2aca519e48494d369428cab97933833f30e98ad285738540fab9d5c314a8

SHA512
8c931fff3a711594a2c3dadc4dfecd0ed5c6f860eb8bae578d25865eab0323a5a966901d12dc3af34f236bb013e532cb0fb80a3a90a0f1cc3a6dd7be8ab20e7c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
44KB

MD5
5f054eda30ffaf24206ef5043404e343

SHA1
71d2f3cb90d4ea170f108ec0d801fd1f9ab9d1e1

SHA256
28ac2aca519e48494d369428cab97933833f30e98ad285738540fab9d5c314a8

SHA512
8c931fff3a711594a2c3dadc4dfecd0ed5c6f860eb8bae578d25865eab0323a5a966901d12dc3af34f236bb013e532cb0fb80a3a90a0f1cc3a6dd7be8ab20e7c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
44KB

MD5
5f054eda30ffaf24206ef5043404e343

SHA1
71d2f3cb90d4ea170f108ec0d801fd1f9ab9d1e1

SHA256
28ac2aca519e48494d369428cab97933833f30e98ad285738540fab9d5c314a8

SHA512
8c931fff3a711594a2c3dadc4dfecd0ed5c6f860eb8bae578d25865eab0323a5a966901d12dc3af34f236bb013e532cb0fb80a3a90a0f1cc3a6dd7be8ab20e7c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
6d35a519a99daa1b1cd140bb19c5f572

SHA1
fa141d4dc89b0b5d7cb6895776cbb64ef11d8370

SHA256
662500bd65a370e3bac208d73ea0cc7c656bd34b760f2112f3e88b5d1e13a309

SHA512
7a4d0a30456fbce22db41d574aa2aada31b84f51f61b563b6ca0b157ee9571cb7305c35a2122f343fb7757d513e6d074c2df7ee1423f5cfa6ec37d69aca875e3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
6d35a519a99daa1b1cd140bb19c5f572

SHA1
fa141d4dc89b0b5d7cb6895776cbb64ef11d8370

SHA256
662500bd65a370e3bac208d73ea0cc7c656bd34b760f2112f3e88b5d1e13a309

SHA512
7a4d0a30456fbce22db41d574aa2aada31b84f51f61b563b6ca0b157ee9571cb7305c35a2122f343fb7757d513e6d074c2df7ee1423f5cfa6ec37d69aca875e3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
6d35a519a99daa1b1cd140bb19c5f572

SHA1
fa141d4dc89b0b5d7cb6895776cbb64ef11d8370

SHA256
662500bd65a370e3bac208d73ea0cc7c656bd34b760f2112f3e88b5d1e13a309

SHA512
7a4d0a30456fbce22db41d574aa2aada31b84f51f61b563b6ca0b157ee9571cb7305c35a2122f343fb7757d513e6d074c2df7ee1423f5cfa6ec37d69aca875e3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.5MB

MD5
6d35a519a99daa1b1cd140bb19c5f572

SHA1
fa141d4dc89b0b5d7cb6895776cbb64ef11d8370

SHA256
662500bd65a370e3bac208d73ea0cc7c656bd34b760f2112f3e88b5d1e13a309

SHA512
7a4d0a30456fbce22db41d574aa2aada31b84f51f61b563b6ca0b157ee9571cb7305c35a2122f343fb7757d513e6d074c2df7ee1423f5cfa6ec37d69aca875e3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
769fefa32ea430c26f859da6f341588e

SHA1
ccd7a8e51b5740d5ff32510d89769052ef519b52

SHA256
298ba2d6c96243863d663a83f0a403583b1a2d612832ff9c943b69814945261e

SHA512
93d983e567dd85c311ea80b16ada834222b36786c38388359dc86608cdbd8c186646a5f1be6740e75a895369649e8841dc93e9744ca86b0ea377af77786ef2f7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
769fefa32ea430c26f859da6f341588e

SHA1
ccd7a8e51b5740d5ff32510d89769052ef519b52

SHA256
298ba2d6c96243863d663a83f0a403583b1a2d612832ff9c943b69814945261e

SHA512
93d983e567dd85c311ea80b16ada834222b36786c38388359dc86608cdbd8c186646a5f1be6740e75a895369649e8841dc93e9744ca86b0ea377af77786ef2f7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
769fefa32ea430c26f859da6f341588e

SHA1
ccd7a8e51b5740d5ff32510d89769052ef519b52

SHA256
298ba2d6c96243863d663a83f0a403583b1a2d612832ff9c943b69814945261e

SHA512
93d983e567dd85c311ea80b16ada834222b36786c38388359dc86608cdbd8c186646a5f1be6740e75a895369649e8841dc93e9744ca86b0ea377af77786ef2f7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
16.4MB

MD5
c2ce38975707902a58c3e036755f27c2

SHA1
d4020473f4eedb40c1a3e1d346c14c0e673b924f

SHA256
59392c558219520e0a5c431188a6aa8caeafaa8395b84c2442e7bb2f986a00a4

SHA512
beba764587eaa8b716220693cae2cdc159a90fd0002b5e7bc89d88c0e9af12af46e884a0bd2ab4b616f3797f4f97c00c8a7e060b4a71e13244d06ae416d3735b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
136.0MB

MD5
075b132c779332c72559d818223a9565

SHA1
b489f25edc79d89615112664d6375df57a694afd

SHA256
d225aacbb42782d360b7b15bd62c300d6b17fc7f0345d1400a091ff4ccec54ee

SHA512
33a997b809e69b7e52cb80a97c9cf74b5f876f2b98b9a7a8a7567712a2c69e8424306988bd3a95d80084fb8db6cc0715018a393b8bb12dc823eed422e6e60cb7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
136.0MB

MD5
075b132c779332c72559d818223a9565

SHA1
b489f25edc79d89615112664d6375df57a694afd

SHA256
d225aacbb42782d360b7b15bd62c300d6b17fc7f0345d1400a091ff4ccec54ee

SHA512
33a997b809e69b7e52cb80a97c9cf74b5f876f2b98b9a7a8a7567712a2c69e8424306988bd3a95d80084fb8db6cc0715018a393b8bb12dc823eed422e6e60cb7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
136.0MB

MD5
075b132c779332c72559d818223a9565

SHA1
b489f25edc79d89615112664d6375df57a694afd

SHA256
d225aacbb42782d360b7b15bd62c300d6b17fc7f0345d1400a091ff4ccec54ee

SHA512
33a997b809e69b7e52cb80a97c9cf74b5f876f2b98b9a7a8a7567712a2c69e8424306988bd3a95d80084fb8db6cc0715018a393b8bb12dc823eed422e6e60cb7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
829B

MD5
c5c40af64442e671489afbcc669c9a5c

SHA1
e4900671ab8d6f46823ea6332cbe29ae48382961

SHA256
50d4dc56e6e4423e1bd7d19e14c7fcf63ccf6a70bb7506b7f96fb54730cf64c6

SHA512
e77f3036f9517f8cf160c9750884ca9dcc61cb41f3d57e6d5d67d7d7becde62c009ede640e9f8869b617106d8f6f8cdab504fcbb257bb16e5ecb23029bfe52cc

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.5.2_ALL.exe

Filesize
91.7MB

MD5
8d2f02aeb82b7387ffe74598553d1ea7

SHA1
d2416b8d507dec036c7687b298b47834691f0a71

SHA256
20f9f8287826cb7dd76fbd74cdd53a895f0597a0114dc1d381e4259f8df55f74

SHA512
2ed5fa5062e53958c889c331768c1da163de4a2fbc1f23015344619963f9c4f74b19532374506c7763a841f7adcb222cac72ace56ad1dac49c95c6d92eb23f2b

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.5.2_ALL.exe

Filesize
91.7MB

MD5
8d2f02aeb82b7387ffe74598553d1ea7

SHA1
d2416b8d507dec036c7687b298b47834691f0a71

SHA256
20f9f8287826cb7dd76fbd74cdd53a895f0597a0114dc1d381e4259f8df55f74

SHA512
2ed5fa5062e53958c889c331768c1da163de4a2fbc1f23015344619963f9c4f74b19532374506c7763a841f7adcb222cac72ace56ad1dac49c95c6d92eb23f2b

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.5.2_ALL.exe

Filesize
91.7MB

MD5
8d2f02aeb82b7387ffe74598553d1ea7

SHA1
d2416b8d507dec036c7687b298b47834691f0a71

SHA256
20f9f8287826cb7dd76fbd74cdd53a895f0597a0114dc1d381e4259f8df55f74

SHA512
2ed5fa5062e53958c889c331768c1da163de4a2fbc1f23015344619963f9c4f74b19532374506c7763a841f7adcb222cac72ace56ad1dac49c95c6d92eb23f2b

Download Submit
memory/220-4111-0x000001966A960000-0x000001966A980000-memory.dmp

Filesize
128KB

Download
memory/220-4106-0x000001966A9A0000-0x000001966A9C0000-memory.dmp

Filesize
128KB

Download
memory/220-4115-0x000001966AD80000-0x000001966ADA0000-memory.dmp

Filesize
128KB

Download
memory/884-2541-0x00007FFC73EF0000-0x00007FFC73EF1000-memory.dmp

Filesize
4KB

Download
memory/884-2542-0x00007FFC731C0000-0x00007FFC731C1000-memory.dmp

Filesize
4KB

Download
memory/3528-1256-0x0000000140000000-0x0000000140065000-memory.dmp

Filesize
404KB

Download
memory/3528-1090-0x00007FFC6D510000-0x00007FFC6D51F000-memory.dmp

Filesize
60KB

Download
memory/3528-1051-0x0000000140000000-0x0000000140065000-memory.dmp

Filesize
404KB

Download
memory/3528-1089-0x0000000140000000-0x0000000140065000-memory.dmp

Filesize
404KB

Download
memory/3528-1091-0x00007FFC6D190000-0x00007FFC6D19B000-memory.dmp

Filesize
44KB

Download
memory/3528-1418-0x0000000140000000-0x0000000140065000-memory.dmp

Filesize
404KB

Download
memory/3528-1420-0x00007FFC6D530000-0x00007FFC6D53D000-memory.dmp

Filesize
52KB

Download
memory/3528-1460-0x0000000140000000-0x0000000140065000-memory.dmp

Filesize
404KB

Download
memory/3764-3773-0x000001EC692E0000-0x000001EC69300000-memory.dmp

Filesize
128KB

Download
memory/3764-3779-0x000001EC698C0000-0x000001EC698E0000-memory.dmp

Filesize
128KB

Download
memory/3764-3776-0x000001EC692A0000-0x000001EC692C0000-memory.dmp

Filesize
128KB

Download
memory/3964-2185-0x000001F03CAE0000-0x000001F03CB00000-memory.dmp

Filesize
128KB

Download
memory/3964-2181-0x000001F03C720000-0x000001F03C740000-memory.dmp

Filesize
128KB

Download
memory/3964-2183-0x000001F03C3D0000-0x000001F03C3F0000-memory.dmp

Filesize
128KB

Download
memory/4156-1687-0x00000278A2420000-0x00000278A2440000-memory.dmp

Filesize
128KB

Download
memory/4156-1681-0x00000278A1DD0000-0x00000278A1DF0000-memory.dmp

Filesize
128KB

Download
memory/4156-1676-0x00000278A2020000-0x00000278A2040000-memory.dmp

Filesize
128KB

Download
memory/4508-2505-0x00000193AD6D0000-0x00000193AD6F0000-memory.dmp

Filesize
128KB

Download
memory/4508-2494-0x00000193AD260000-0x00000193AD280000-memory.dmp

Filesize
128KB

Download
memory/4508-2504-0x00000193AD220000-0x00000193AD240000-memory.dmp

Filesize
128KB

Download
memory/4712-1483-0x00000166BEF50000-0x00000166BF0DC000-memory.dmp

Filesize
1.5MB

Download