00fdf34797869bb6952986abe94965cef4c9a1a5effa725d2ae927cb35755875

Analysis

max time kernel
1049s
max time network
1050s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
17/01/2024, 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot_2024-01-11_1.46.25_PM-removebg-preview.png
Size

19KB
MD5

66ea91a30b7f2aa0d71c189a2b977b44
SHA1

6e13fcf0f7176d94be46eb667e52e05a517b24d3
SHA256

00fdf34797869bb6952986abe94965cef4c9a1a5effa725d2ae927cb35755875
SHA512

3a410bfd36739225eaf252dd7972ef835e158634564c9148cd6908ad8d0a016341a590fb048e56421001f3914dd54e11507b2d8bee348e4fc3a9f2e6e994b844
SSDEEP

384:9O9DYQiORhAhtYaPtMWLGdpdofSlBnrKWeG/7zOBNe7KftfN8KiVe:JghYttPtNOXA+rKtG/WD37qe

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 18 IoCs

pid	Process
4964	tor-browser-windows-x86_64-portable-13.0.8.exe
3164	firefox.exe
556	firefox.exe
4856	firefox.exe
4988	firefox.exe
896	tor.exe
4104	firefox.exe
3124	firefox.exe
396	firefox.exe
2124	firefox.exe
1044	firefox.exe
2956	firefox.exe
2084	lyrebird.exe
2408	lyrebird.exe
2092	lyrebird.exe
3476	lyrebird.exe
4876	firefox.exe
232	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
4964	tor-browser-windows-x86_64-portable-13.0.8.exe
4964	tor-browser-windows-x86_64-portable-13.0.8.exe
4964	tor-browser-windows-x86_64-portable-13.0.8.exe
3164	firefox.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4988	firefox.exe
4988	firefox.exe
4988	firefox.exe
4988	firefox.exe
4104	firefox.exe
4104	firefox.exe
4104	firefox.exe
4104	firefox.exe
3124	firefox.exe
3124	firefox.exe
3124	firefox.exe
3124	firefox.exe
4988	firefox.exe
4988	firefox.exe
4104	firefox.exe
3124	firefox.exe
396	firefox.exe
3124	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
4104	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
2124	firefox.exe
2124	firefox.exe
2956	firefox.exe
2956	firefox.exe
2956	firefox.exe
2956	firefox.exe
1044	firefox.exe
1044	firefox.exe
2956	firefox.exe
2956	firefox.exe
4876	firefox.exe
4876	firefox.exe
4876	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1155165157-2721788668-771323609-1000\{07A750C6-48B4-4090-A7C4-64636D2A8B08}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.0.8.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 363679.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
3756	msedge.exe
3756	msedge.exe
2372	msedge.exe
2372	msedge.exe
3132	identity_helper.exe
3132	identity_helper.exe
2304	msedge.exe
2304	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
3792	msedge.exe
3792	msedge.exe
2084	lyrebird.exe
2084	lyrebird.exe
2408	lyrebird.exe
2408	lyrebird.exe
2092	lyrebird.exe
2092	lyrebird.exe
3476	lyrebird.exe
3476	lyrebird.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	556	firefox.exe
Token: SeDebugPrivilege	556	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4804	MiniSearchHost.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe
556	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 4080	3756	msedge.exe	80
PID 3756 wrote to memory of 4080	3756	msedge.exe	80
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 2396	3756	msedge.exe	81
PID 3756 wrote to memory of 4300	3756	msedge.exe	82
PID 3756 wrote to memory of 4300	3756	msedge.exe	82
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83
PID 3756 wrote to memory of 4620	3756	msedge.exe	83

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Screenshot_2024-01-11_1.46.25_PM-removebg-preview.png
1⤵
PID:4764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa66dd3cb8,0x7ffa66dd3cc8,0x7ffa66dd3cd8
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1804,4735928852370038070,10433319807120199608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.8.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.8.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:4964
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3164
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:556
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="556.0.236638703\393358829" -parentBuildID 20231213165604 -prefsHandle 2540 -prefMapHandle 2548 -prefsLen 19243 -prefMapSize 243588 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {17916c06-b0f3-4fc2-b23a-d284ca698c24} 556 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4856
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="556.1.1934355120\2131448642" -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 20081 -prefMapSize 243588 -jsInitHandle 1388 -jsInitLen 240916 -parentBuildID 20231213165604 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {41fc9846-054f-4fc5-9ee6-0d7eb5009928} 556 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4988
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="556.3.2003915588\2074416086" -childID 3 -isForBrowser -prefsHandle 2856 -prefMapHandle 2832 -prefsLen 20968 -prefMapSize 243588 -jsInitHandle 1388 -jsInitLen 240916 -parentBuildID 20231213165604 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {611ba509-cfeb-4c38-ac36-ad9a8c91121c} 556 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3124
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="556.2.56410286\220117187" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3028 -prefsLen 20891 -prefMapSize 243588 -jsInitHandle 1388 -jsInitLen 240916 -parentBuildID 20231213165604 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3f6865c5-b5db-42f0-a8dd-7736141202f6} 556 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4104
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:a6943d6e84e6cd7e606bdb9ad63e3d2999aed6c75e59fb3ca2318de80e +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 556 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:896
      - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        TorBrowser\Tor\PluggableTransports\lyrebird.exe
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3476
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="556.4.773490349\456542921" -parentBuildID 20231213165604 -prefsHandle 3732 -prefMapHandle 3744 -prefsLen 22869 -prefMapSize 243588 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fae59c13-b2bd-4c17-b581-6fe63cec4d6f} 556 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:396
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="556.6.1075095616\910420787" -childID 5 -isForBrowser -prefsHandle 4276 -prefMapHandle 4272 -prefsLen 22426 -prefMapSize 243588 -jsInitHandle 1388 -jsInitLen 240916 -parentBuildID 20231213165604 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b9821de2-08ba-4629-ab88-92bc0ca3d8e0} 556 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1044
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="556.5.32523820\2018172090" -childID 4 -isForBrowser -prefsHandle 3308 -prefMapHandle 3272 -prefsLen 22426 -prefMapSize 243588 -jsInitHandle 1388 -jsInitLen 240916 -parentBuildID 20231213165604 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e7e942ae-3489-42ea-bef8-ad8078be6d14} 556 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2124
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="556.7.1288408946\202184725" -childID 6 -isForBrowser -prefsHandle 4184 -prefMapHandle 4188 -prefsLen 22426 -prefMapSize 243588 -jsInitHandle 1388 -jsInitLen 240916 -parentBuildID 20231213165604 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b6f91eab-2c1f-47da-841a-05fe1258d68c} 556 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2956
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2084
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2408
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2092
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="556.8.957232578\1206032581" -childID 7 -isForBrowser -prefsHandle 1932 -prefMapHandle 1824 -prefsLen 23041 -prefMapSize 243588 -jsInitHandle 1388 -jsInitLen 240916 -parentBuildID 20231213165604 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {33589173-182c-403d-be1e-841d18a94f29} 556 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4876
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="556.9.1945788839\639040124" -childID 8 -isForBrowser -prefsHandle 1672 -prefMapHandle 4696 -prefsLen 23290 -prefMapSize 243588 -jsInitHandle 1388 -jsInitLen 240916 -parentBuildID 20231213165604 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4dcff941-1856-4081-8e8c-b2af310c3155} 556 tab
        5⤵
        Executes dropped EXE
        
        PID:232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2024

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4804

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5cabc17286e25c0ade7a7f050b6e92a6

SHA1
c25ab09177ad0da9ee6caf78310236bdc2cba319

SHA256
0e75f9140c154297d8f741aea07b90fc1be1b8deb79c3f204148471800e322b6

SHA512
0cc35eda0168f51e5e719ba0bfb226c9f5293a6056d47190a23377deb98244f42c62b8416696cdd13b2db6228c1c8a2513cdf6dbb1d4b59f0c1c889d1acee6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
c33c3755c9bc5c370e51bd72a524da35

SHA1
7b4d2ef2b5e0188562afcd4c87060a809a7d2919

SHA256
e30aeba2b555fe999989e290128024451d7b1bccd13060ce16990a39937a3113

SHA512
7c656b1f7e9806208c87b1f22d27f07f400c5bdd3fd258056a4046c7999d4f83f6c473800b09e36450eff9ff9dd86d045eedead515aeb4bdb55e9d9889e90de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
25KB

MD5
8c09e0be01d218b691fb07a16a7718c7

SHA1
c4700ff183e64d7f0147a32169b951888bacc2f6

SHA256
f0784d5b7351e6f73005acd85dab06152a5ac90b00254ff9cc240d9539b26d21

SHA512
032e3785ce558de402950da47d7c9613d0b5ca4f53bba3385a77ce48b4dae745cd5d00d551bf02e31384794578c44940f2e53e00dbc9d6fcd6dcd85324b80274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.0MB

MD5
c22a8ea5f10ab4e37bff55eeffa2f789

SHA1
fe5cad67369989395920d82934a67e0f4a8c1ffa

SHA256
a1c85533eedbdb04571951276f348655ca28b7b7078ff8c283a77fb8b35ded21

SHA512
07ea51874425594264e93f261cea0e892d11d30cbed9be6b33af31239f56eb965314a4acf6eb59cd3de4e48ba5a447ee4ac3d02bf43d8690f652014b81fbfd66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
30KB

MD5
0a32c91a026723eb98c922fde76cc201

SHA1
15484879e171f6aac5919574099aef01af77d281

SHA256
16f729a47a5998245e1c2ed0f77aacbc858c631aa46fb92248022fdbec64bdc3

SHA512
3fd0cf2dd5640bdeb314a8d8d865bb4888fb0ce085b5c2f13c72c0455569be15312de34978bd6b6e8aa43b4e4220687d9d86fc65b945747850a204798e143084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
82KB

MD5
f5de1b4b658eaff9f144d6e8d5fd1957

SHA1
f11bdbfa158d78d421268b164025f5b57d0fd72e

SHA256
3d57554c5dbad73179eaac946fa3c61efa88ddadab3076119b1b9777929ab049

SHA512
ce78f609191b708adf5667e8d1faa201d62dc1582b8955c958c7d1deeb2f2f5b5fdc0549c9095f2ba6358f82f81a31566f646f849771037b44f991ea1aebe0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
55KB

MD5
59a8100600e69f9fa7c2f2ec2a8b8697

SHA1
5e2656db7d08cfdc9bf6eb7534cb74c3e860db47

SHA256
40566169bd2a48017566d80e81ae8e93dbcad15a3749f6278caa4cb7efe5caa4

SHA512
7ebee0e536bf426f0e0292f18f78eb408c9dc81646cd3588a066b647fdb5cb964de774856a7b5e2e3e2e8981ad447527ea8f7b2ed60571c9d36dd1cc1cc260e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c1e353d362e63a2c0825263f26177fbb

SHA1
3fe34d120fccc88c7f1c7614b2b0b71de95ea367

SHA256
78d04839b5429468e767802a6b032eefa7a673cd8fa97dc8c0dcb78779c3e30e

SHA512
290bce8580486effac4c2199b96643fbfb6af240787bb5f39656e17b6bcab912a6e16869f9f45b37cd2189596a3cf1f23cb5d0d49602948711a6edeb063c60f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
260B

MD5
2beeceb9e22096015f6545bde67f3f14

SHA1
063bf471dd595f4f1449f05d0e4b767424654e5e

SHA256
eeb850e89b791effc776f847861ef036d61185bcabc8bd91fe49a7f983ae0d95

SHA512
2d376eb594746c8a8323c0ac7f633b2270fc9e21db97a215ecc6d17e2e21371cd72384478115cdcc439359c359bbd7d390449ea13c7aeb47bb7126c8a357b4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
b81d7aeaadf6001e9d99546831220bc3

SHA1
367f7c9d339156d1d873621f70757ee5d8f9a721

SHA256
f4c48281dac35126df45fccaa646dc24f68da9d167b71132e10af7348862025e

SHA512
67508d7b70922fd82460d79b42524c8917e7ce4e6215262fe7a07ef3a54e60aaea4aced28db08c391cd21b0e1af36945568f46581c33c719560fa7dacbc95b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3ac7cc522fbcec111eb87aaf160aa26e

SHA1
3b17fa096d3bcb169f951c2fd86dd1449b627ee6

SHA256
942c932046bcc377270abfc1fc4f713a5ddc6f76c4e6c2b2cfa2b5d897134b48

SHA512
f30458472fbd30004171fe701b2701392892854ba46f620fa8086b8598705effa1d406f8dec6dd49f29ec7b5872e71acd7bedbfe9092f9f7cce4a550eadd6040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e02913f9b003670ab348d81ffde7b464

SHA1
34150a27834221f3000b588ea628d4d04dc0a8cd

SHA256
c265a4520f8bc192f7e13a9d499b260f7d85f2f49416da563d035bcb0452e9af

SHA512
1ebed16e75827f00a7945d33be33cb10777fa98363a20f493d3cce89095f1b1a02720f4a68d3b579c58e66df228727e43aaba8b84ff19909ceadb4902b2cc7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7cfeef9c71c867e76004928e179b82ed

SHA1
e9a70ea0184d11d2782a62294a1fdcf44da1e60a

SHA256
ce42214b6d7338fbdde0bf318cdc5693929e48a131b1f01cfd3f5d0392e0cb98

SHA512
f52f8faa436afec0be5ead722617d08b6a611df62aa82afc11ef296c83975d61947289e65c9e93c1f0ab8497a2e94fc36912165baf070f7b68bc8529b3f40d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b49fc7bb95335b1dbadcaae6d0096da1

SHA1
36ffb637e7d04163d8d28a98ffafa34c3d1baab7

SHA256
b1a4f625470b111b88eb7d330cd06b14353aa44500aee1c055da96e4f23028c4

SHA512
38ac077f4e9d4eb2afa3991fe233107947d52d2af93446308b1e77dbbb0c49589698e2bc63f9aef6b1886902a5a70b47aff89320f06db6f20e1ecc6c5d20a460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f0363e7567e6d43534ca32b200d92565

SHA1
3d4313d88912b6e67320f9db52101be4e64740ce

SHA256
689fcc7e00e989fd2668ab2cd1a6dad186ffb6d6a4f9c928e5009723ed20204e

SHA512
9f26cb949600b3d2044dca55cba15897e382e615fc42cf02a358e20fa601fae1125fc607b4e55a22ff264fdb9013168940e5ab84ad1d79abd6d85c907e3a0ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe27384a52cbc8873eb2114381d9b1ea

SHA1
4582299da8f5a274e0a9854d334dde4452d255d4

SHA256
726f73b4182ca5098a2fcc95c32a2556c278fec1c7732ea801c517b191af6f9f

SHA512
a33055b740ec2f22e9c65331de3db18ed336f034c864adc34932e64a389b98b836b5457a29325f6dced8eda91ea7679a253ff95684be2dc2ec462609c6065cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f03438f2ed63b1ef86d05758bd44dcd6

SHA1
238abffc24773f4d4a6676c15134d2709d4c9ef3

SHA256
b9c2382024b0d293def85a4d62667dcf90c2e9524e4585d03cbe911e78551dda

SHA512
c26c1f382d3b0d81db1a84b67b7704a480e2d3d34cb7c833ab1351af323722c670af301f135c38b9221e24dee43eca286cba0180b84f52888858324327b83f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e8535515e89305d3d9bf3b73bbdc610

SHA1
6ccb80f141a592750c4461cc4b3b7a55e17c73ae

SHA256
5bd6a0d9bfd42b23021e5e15b9250543e6beeb29207a263adc047387b9a914c6

SHA512
18bd759b0584b7bdcd685930c5895aeb240303067e10a355bb7920d00b9a0b406afedb6d8c0dd1e1e5167a060fe17e9f1ccb1885388b1d6597e8e7a3c392a9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
68fe6f34e7d6603a3d2f4c95919f8408

SHA1
c7be30582f94d46f05338cc39726f72c9e2fa4cf

SHA256
8cba909149b2d3fc45315cf63cdb8fbe42a4b7c614347171ba00aaf859639c1a

SHA512
48eac2f55675b01ebeb28680ed9af6dcb9c558f76fd647cf05f8a7e1fa04ee57f7a8c70bc0ea882bdbca48b29d62ea7af74b76a03b09c19762e4c93118929be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
ba3f8c9b621b1f74e647525dbbea21e3

SHA1
d532066f240f4105875342b72d71ffaf208d8acc

SHA256
c0c535dbac9b6a8446ef5fa202f89e48ae2227f5bc54b25574b1f1de5d6cf374

SHA512
641fe225e7e914a1d98ec87ad951ccc3aefc4dc23f4aaf8e4a22abe06d428d29626afd17f60f88833ddc06aa2002f9c371c69bd823c5ddfe434bf37312aecf23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
523d13cf3434255c3eccbb7337ce5df0

SHA1
13d6a97654b43963681fd6895d59003169bcf2ad

SHA256
c39976d4d96570ca036e812b6174c3285f66a1e685a375cdee6e3a8a27085f19

SHA512
40247b72624f82bba87b815dfe016eafd78cc2e96b2f6ed6e59d3f3fa1e479ca44b8d29344112b18ce4610a78dbd7effcbdd3919e4c857a72bc9fdd5ffb5853d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
03e23151b250e38e15a119eb903e25f1

SHA1
d7f621639c46ace55f4868876f7000bb0d914e2c

SHA256
3d6763e1128ac7a414dca6db40a077ae69061028debcec5f7a718dbc8ece9f91

SHA512
f829d0418909f238082ba2dc9d194aa2df5d6c64fff4fd096d83cd45d7001daba4c61eb0464be0d62af03face6213efe7d9e494d592b16da83917c1e0cf44204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581008.TMP

Filesize
368B

MD5
03424e7a26a23f9d8a9f7cce713e1555

SHA1
b474b67a62ca47944e48a198f1e8280395430ebf

SHA256
a309df69829f4c5cdf31f66e170f2b0719e6e2e264657d039085e7dce255b8b6

SHA512
607ced0a07f51e27084b7a4b802594644ca92151244166e6e309ea82007c88181ba69b2fe4d5bca6e311cf5b3ee486f0944f1f157365af736faa7cb95616ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7418c9c2ea43a2ce5940c19ab482b6e9

SHA1
319556ddb094004b93a268878c812a8b4c2514d8

SHA256
2a83d94ebaa7c7aff36cccfbc8c714b8c3bf35c15ce2770e5f04e400f63beaf7

SHA512
14a63c00cd45b08ded9ec292515e45a3529613587427f807dfccd080c560727260793727101fbf706fc41e5b20a460875ac288d617882a27e9b42ba2529d0b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e96160f80d470134c9a58fe47319818

SHA1
1a7452de83f8ca8b9dc617de8fc64a7edb50a601

SHA256
4c06040a388f3e56265fdf88ca5f7d8029c27dbdcbc21f6833870d17f3222dfc

SHA512
452f39a36eaba3f25710a55742378d1aea1b08393205e46165111d979603e0f1b35f4f2be8eadafe60baafcba024cf7c9675e4c4a43e42c4b6d00bdd39886b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ab1686f462d140b33f8e522a32202fd1

SHA1
51ac975c8378cdf398603bb55c6c4a5c25df2707

SHA256
181b672f04e974a1d0752915b945400309658bc91bef3abaaf500451bdda5e97

SHA512
c347275d601cfbcb1dcc886d9b248ab6013c10898aff1bfb32d296beffe881a978506286589eb16f0b5ff341973fdb127a995afb714b02b23f33871c49435eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7978e827e20e6292fa8949f4e176c9e1

SHA1
6f955afef0cf53b582c63bd51b613ca476e20660

SHA256
48c818e3de532f3549b62eb4efd3d3229c627324bba26f17adc629a9f3c97f37

SHA512
b759dbd30d408378c0bf377e4f06517c7ef60eea429e8db6e4c2e5753c1a619a6faf611b949c83cc6ff9c73afd80dd0e832765bb0440b70aaef4573f4e3393f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9510ab2178f48373c6f507a4e8a1f573

SHA1
f3688c7298fd4be3c503ad5736303444f277e039

SHA256
bcfb2e99a0b229bd0a4a7fa305abbd2a6a0abf180a5ea7545178b31c7a3d5d52

SHA512
965e32470256f25a74869e73243e53d555af3ebb4420860cfecd6fd0698d8d99d021c5fb94ab2b61b6f1e4e1d2f45ae5517828d0c1b6fe28b4a2bf9a845354cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn9FA9.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn9FA9.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn9FA9.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\bookmarks-2024-01-17_14_mQDXSVG97fjuEe42TS9DcQ==.jsonlz4

Filesize
1KB

MD5
62b2b534ea450b1519c0ce2c62df99ae

SHA1
c68b34e0b187764efd8b543e7bcbe23f0a26c17f

SHA256
4593d60f2392c5590a610565b7436586c3e98a70ca6df4f3f5ccd96dfef4893e

SHA512
4c8780af850059555b9d7d4f5b3c58291228b0925e88b5d0244f57b37e7634c271f8e4de12ac8363dd912ecb08e535e5809d97ff275c07588064a65de6ebe1cd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
26KB

MD5
9c0969634f0f76417c185641915c7006

SHA1
a7df99c98f93a1a14a1e83564e3d45e1593e4490

SHA256
a03c7d106b163b405cf516398e2ce0cb43b3a9e453815997b8222ff7a5029af0

SHA512
72ed911c7fa86e3b27895f97a139b308f2579cecfacf59615bfdc7a248af23cd839fc8b536a7f6a961a6752c72d6ae430c04ebf9024b96591936fe2d56f63555

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
215KB

MD5
85967787d1e2830b4110d16cf425cd8d

SHA1
7d8d5bdc8272cbf30aa7cceefcd38b2ebc078344

SHA256
83e6e32635bd9071a1197ba439206316d2afdcb249fd1f86a9fcac855ee49569

SHA512
a24197fe79596ef1f2a7c260b77d4645499e7c51b2981d7269bd1b219017ba1bcf38f790d1508e2783a20ae627a3f8bd6a8cc469b40cdeff1bff555e16f64bb9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
c4c82b1fb639d078e761d17368218212

SHA1
9c67e5b4cd1d212b68c64d76ee18c9e37e3ae46f

SHA256
d53b547f4043a7113b4b238bdf5074fb869b9edee247b96a05f69bd65f3981c8

SHA512
9a832c57a291a2b140ad996a8594a1b1dd3e8c774106e1e93cb36fcacaaea4ba2d5789cf1225d6375ec9fd45002eb36624d536f858e365f74c632dd0c3472bcb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
9d6a36406ef1bd7dfc066551a4b8808f

SHA1
4b8dfc5f7834e2f5990d4662387f365e0dea271d

SHA256
47f9cca8d2684f33e02ec89436d7753ad75b4f2267446d7c86ef99dcaf6814e6

SHA512
2b11bbf7d48ff9812f775e4f4e416e15c134669b357c69af250c8c022f0ce94719bc8a9d2b8d17ad874e5eb37fc1a6900abf8af2a590e5d59c87fee66943f0ea

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
7a6891c6c12a3cb3755323da63305124

SHA1
a79157cdb6b5c6964c04af04f1298205b63936ba

SHA256
49130e206e874765046810b20e9d1b510d384f2292205b7b87e9f789667f24ea

SHA512
563978b2f0b8314971196b917f5eac1ccb259abdc1e8d0e8c555697c8addaa20c3ecd798f8b39a6d6a533327cb3036d25506042cd8e63aec59867357ac7fda33

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
ac38dabf0f28baf144be7fc41ffaad9b

SHA1
fac2b3b528d1bb4e031b5fe4438f920d83518caa

SHA256
2ecd6e5961bb3f57317d076e79d2a3619c9a1a360b105e6f959d70419686a590

SHA512
c6e82e2a9c236fa3deb2225206e788d8f96b5e40a6c7d92e942102ae8ddfcce6c149bff84e2b9f1b2fc5f5540779a2005780f86b4510a07f9071b9b74dc5b3e7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
865B

MD5
95376e1dc4ea33295007bd2a4fb3f78e

SHA1
567e392b50c45e6b295508c984849cf1609e2253

SHA256
0101a4621032e74b4b7ebf5fded47e7655c37a92aa050eba3d2f9b86172d39e9

SHA512
8dee770328ca269d7d510a854c658b5bc35898bddaa9abea849dbd64e4e69adc4014687f4c5d3b2d7a92c6f659923bb891a955b7b0e984469b2e8343f34bbcbf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
578ca0f28955c95fecae83c152f6b581

SHA1
ffcd776111cba785cb0af53871a7b9e6db3c1e7c

SHA256
35e39fb6e95482a99689f8aee6e77d2c94bc35d6c1a664548835db33837baee1

SHA512
99e61671c589b81820a823209c791b1d326aa9417bf6db9fdded600bd83e0c6cbd30e52977900946ca273c5bd3c8e7e3784e33c26842067f698e9cee1078dc70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
144KB

MD5
743a5f9820fa251ad41c68de159bdfcf

SHA1
4054f8589943095b08ed061d9e25c2133ed07faa

SHA256
9a40c92f79f7696caca9384600a9cdb2237bb300a6157c6c6ae553ab110abf65

SHA512
7af460d3a984babc0918ad44dde07c148a996d5a87a31e4340dcb56aa94f1fb7f79d23352c82624e778a7d4c8d57bbba2a7d173e9ce5e96068fc973e617e4007

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-descriptors.new

Filesize
13KB

MD5
828ec7eb6254061fc7de13b79a1c1daa

SHA1
3e7ca420fe16586f135bd932eb00fbbb3cb49e2a

SHA256
9e6a52e4915722e413f915847e5a66ba9c7b2311101ead5c8b2a2248d81ae59c

SHA512
940535319d9fd7cc329a482d5d827177cf21d338158b23521667fe572dc9d1e7a3ca61584abfe62ce12e6c431fce3607d961d0d717b8807847114ff38a407288

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus

Filesize
307KB

MD5
c8805580d4631174e920bf7ab372cea5

SHA1
2dad228481acb2f4e57848331bbd8357a88236ed

SHA256
90e7b15075b57d0f97c219faede3abeade9561c8d25c28ae1acd2b61362e0b35

SHA512
90797819f953fa86a2ed097ace17d50a01f1f5e75e0b616b4591aa95a8aa60a51c19b8d6c586cf211764d065567691ac54702a50ebb5b0ae575c3b1f892d5d3b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
169KB

MD5
07b590bfd1f3a975ffcce8b46c455e49

SHA1
afb1e1424c58e675cb65a0ff0016c8c70970dd58

SHA256
02cedc3dcc9a7049d134103ad5650d7abed6d7b4791e93efeec9f1cfbe445fb0

SHA512
a365f7128e310a04b7eea7cfc7ad03b07c4f4a3fcd852102429906aa568d4b491e67f13b33c80fb99a46bdfb33f2a49e6da18b3080acf1fd543d1425be2b9bb9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
553KB

MD5
a6e61e048171afb40ca2b452e283be0a

SHA1
937ba08507bbcbb77ad02281363aafedced6125e

SHA256
e7805c04b85d975cd8baade7279975279c89c2c9a73c1da81893ffd184f5aaf7

SHA512
cbf5690d3dd3962fbc3dc0acb195bbadf46068851bd0cae0a595da2e431ae406d70c980cbe795f8e3cae4ed519a397fd3bf66ce2305b4ee08d60d338644612e6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
455KB

MD5
6291c57b9b0c7e4dedbe6d9372f4af33

SHA1
319fc0a3e0cebc5aa9e425ba17a9076be2bf4833

SHA256
f1afdd91f41cb0424af1ec02369b93a4cae03ba26698aaa41930b3f782b49c02

SHA512
31b063cb43428f00ded8cc2411149953f2a05543e90ec3ad134d96dad7206c6fe6af833a5f27b43ea55c7e34fd05f3220c19b1806e141fc8d64657f8a232eab8

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
736KB

MD5
de680c3c45765c538b9b662546234ac4

SHA1
c80af59a163ab63ffc62458421496eeb1cf8f2f9

SHA256
ecd4e24b1ad106a36b9977361993ed8388e5110ab7b80f880b0c60bee22b67ce

SHA512
c91c43de45a4d8e21849aae6bf584b0ea538555497a8b9f359a0de6c7b61d49af3d25b824db667ce93d762db76ff2bbc12c37b541c9ea1c89f09fd87b484fc65

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
532KB

MD5
ae479b6ed6ad15ad2faad02b112fc770

SHA1
839ff24e23444482c7715e3e82c78cb2aaa4ec86

SHA256
38fd024a1c7c656673db9af4ca2e5ec83b6af0a0f6c9a354946584d9c382d094

SHA512
2b5360ab093d5bf4a516fd2fa104336dee5c34437da88d14ea7fabe1b06c1fd8c5f6bd4357ed19a7480196f7a2fae27033d6fa8fb98a0d86c39b886b3ae9f29a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
743KB

MD5
3fdb1719a49ffeb0548928b0238ae96f

SHA1
4145e8ed3353fd5dc20a6a94b6e6565272f59b7f

SHA256
5a107998bf53d26b77cae1a02c718899627462ed04039d7de66c241bdd6f3f2a

SHA512
f52a4585921a79cbf44ea45e1b13252baae4f7f7a4fefdebe785886c915fc650083dd4d2c942ff5b59685a33fbbe98c291d4a99fbf9d712da89292ee912c41a7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
711KB

MD5
512ae44b23c590a9bdb357dc7ecf72f3

SHA1
1af2a26046fcb5b434cb90b49c194de8cd8cb83a

SHA256
02479c287c7f258d98a2d65e5cf06ad63edb833c78d417bf69fa84b8728f4046

SHA512
4ce564edd70280efa7dddcc3589e6ce9f0881c2939145ee708e7bd81a90ce0c5ae6498d13cb69ceead7e1756c73bd67ef0557dbb453fabb063cd79edca108635

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
297B

MD5
793eae5fb25086c0e169081b6034a053

SHA1
3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

SHA256
14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

SHA512
5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
219KB

MD5
b27d9111281bb73d5b3f328a83e7247d

SHA1
acba08fdf621dd93e95ade07cb199e6814c9bb31

SHA256
b202a0c3739f82c2e87914207dd37c2e556525bc5818766978ae3763f2e14064

SHA512
999ea3204af446216aa7964887d2030ae3a3f8bf3e2f278f8092b44ad71e626ce1ef319c69618b965cfa99dd52bf91481d11d19069f4114b2e4d58e110e98fba

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

Filesize
213KB

MD5
da22e30c7194da60b344f327f77f00f3

SHA1
301f3bceac4b303626d00e3697f5a3178c148c5c

SHA256
68704937ed3b3ea7dd84403ad85ed5ad7177c1c696f5f77af63180271c49473f

SHA512
8789ac4974b17e4074e28e227e7d13d77dde06906c04cf66bdbf9f3e9b7d5bb16975ba259b74027ba4b2e7cca3c03fd7893740a3c7c4ada8171a4d9674e73f34

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

Filesize
91KB

MD5
ac01114123630edca1bd86dc859c65e7

SHA1
f7e68b5f5e52814121077d40a845a90214b29d41

SHA256
1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

SHA512
1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

Filesize
128KB

MD5
12764d72c2cee67144991a62e8e0d1c5

SHA1
f61be58fea99ad23ef720fbc189673a6e3fd6a64

SHA256
194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d

SHA512
fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

Filesize
144KB

MD5
4d8bd2d3d7de1bb7f09415a1862136e6

SHA1
a34c5ee978eec37fb7219edbbdb8cb5b96425372

SHA256
5bf900fb93821e046ce6810704be7d14327c5f799e478fe3503c96562035f749

SHA512
f9f21599707ea434a45fd8dffe8af118a6079f7c97f5dc7a292fd0fee9692f25cc5d8dc94b26f27008a735cc9334fcbe9016bf73d124df39acfdd773db8bfe82

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

Filesize
7KB

MD5
778376d22591a4a98bf83ac555ddf413

SHA1
608172ca18450b4cc61ff6cc155f66cff55c5bf9

SHA256
8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53

SHA512
e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

Filesize
21KB

MD5
9390ee64243e5335b79e33e5e8311341

SHA1
c8d4b3ab79f6b12311eb4e4da29e709e583b5870

SHA256
cff9f0e51e7f1d95934cac31d9ad43ba453ee308c7b46a27803dc7e2e6c3adef

SHA512
ad7b23dab247c5c71298c5023bc58bd1d00160145558d86ab75dd37de1f1017540bac544cd9bf1cb2802d19d2973c0cf189d05a980777de886ffb552ae923bc0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
340KB

MD5
b0854c5d64ded1a4b624eb8ec5296051

SHA1
af880d6dc2e534020f562843d959ac01350416d9

SHA256
b2573b83610218443ca6f5056e271ac8b5642b41f8f4e034427cad539a0ec60b

SHA512
9034eb252a09b899a2e0e8a3844714f81d39b5ae9407f0572ae70b4065ff0bb76c600d72d799df00a3ab8b029360aebe641a8cc9dc73c984a68948be834442c2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
509KB

MD5
4d35ede7be89ff8a5dcd9ee21a31e117

SHA1
37ecbffb73763aaf9c48a170866dc510db66ff47

SHA256
5ead3f6d8f26e587d29dfc96b598b828e7877726511c790f87e8aab9f995c80d

SHA512
9f970d79de8bc709b7a6cf3ce71197510d226113593e4014b26db84fa39848646faa32525713e6164bf29e6d1e0f2217613354be7fdfcce33a17529a3e35d3dd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
3955a4511a08a6920024bafe4fd97a13

SHA1
49bd5da0748ef3ee8fdab8a676000ab1c1875a38

SHA256
5449849e6cd70c4264c6d45cee87358797108e8df1bb96e5dc4242faf8c22612

SHA512
1d36ba1fd072a2e02edd42231fb8d72ea0b9e41949947591ae2e06e5f39e98753905b90ea7b969de506b1a5b78219c793f07f5036fe9585a4bb5e5c8665263a9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
577KB

MD5
1e384f2695f67b148c3b9c180512f6ac

SHA1
83d085d8300498f4698165e9e891032bfe37f4d1

SHA256
769bcec4ed4f63d8f05e630435cf51cef7409c8f7d5e59a9dd62f50495f0641e

SHA512
eea2cf561581ee94d8028a8862c7a174da29fe9ccdea9e273ae506911674d87820439db9294c1a58670c23c76429a0588af30f1704e6a57c4b739fd9ffa7a064

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
481KB

MD5
c25d69f05ad4ded0def480367210677b

SHA1
d2cc877be611f4c23f61f8b8ae25318eaabcbc50

SHA256
98dceb2d22cc54765e64a67473ff8a82b02ae213b87a1cb8e498997fd09b1f0a

SHA512
201cbac64aa141f4ea821b9a3167d1abd0fc2507757dfd6c13755c6237cfbbfc0a22b3bfe4eaa84cb7a1a697d1c58b4b2acd05a432053bb90ec563c0600f447f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
608KB

MD5
5925508d7058b8d67cde129118448634

SHA1
e475018e288fdab527a487f3774159c6617fe854

SHA256
0bb58dae4f46601d706d033525efefdeb31ff775bb05d9a88a90a0a004a9ac67

SHA512
8fbef742e99c2df7060cecb23430d6f4fd43a0f7da2dd192894fb5e5b1e51107e723be7f1844e4ff099ea8374e248ea63f92b1727550e2c70176b4b651be2174

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
649KB

MD5
9e726a729f4fe97471a6aeb47311abb3

SHA1
4f838f980294ac5100e56818be6d6affb346c662

SHA256
7756f0038c655e112846a31fc69f4dfdd089232c0f3f78d7f1a61d3562d60acb

SHA512
4d1e2a12356b5b82a0a9a8d2b1b4e6ebca65e8173b92bd3cba8672cebe30c183fff21dad9a98d111dfdcad868893913206980241218b49563362917ce0279bb1

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
534KB

MD5
1d48993ffdb90127372338a987ef24f6

SHA1
c9e7db6275e248de04d468d56aede857db0adb10

SHA256
16f40a78341815d0c6d6f41498d7a5633eb30a921875f728f41eb500e1365091

SHA512
ed56aa5d4e06fd55a53c18b5de5b9955b8797002d384a55020530307cf615aa4180f5c631e4e0720513926afb80cce320b058d5d16687ed2850a388b09dc014f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
793KB

MD5
3c2074534a165aeb2cd071443e9ee4ec

SHA1
1f75cb6036e2d29b0b74c367a3d41849048024e3

SHA256
ae51861f1c8ef3c3a89ace6164724dd76b8ae949e6ca7808b45f2b367b463ec8

SHA512
76b3acc919bfd563eea58bec5f763f0774a15f698ba04b4a4ad07b3b180c628d83ace90342d6ccd581058a7d154ac7958d05547df84122422bf2e61a9715b5f4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
685KB

MD5
1e06a8560ab8b9f6c651ea7f3a958a11

SHA1
0402de1249c6d63582481d0ee4be72138f1b83bf

SHA256
43e751250fe6bace2306a33d882b4d6836843411b7fe7a5c027d71100d402cb4

SHA512
28dd2ac43487d187f87640ffe3e6ede9496c7c3ee674356351f7cd3c5a3774b27cc12ab7c8a3c61ae2da62d54cc58d065984a873922d3be1c9d247ef1157d86a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
381KB

MD5
95d97653689dc729456886bc4f031bbe

SHA1
8ef7c9ae43b02e6a61c0e2c7746858dc3e4f5b02

SHA256
1ff36792910177acc49ba301cfb9108c81fcca95fc488f1dd9e6e52d61e38d6d

SHA512
f454071d87ef9df2edb46accbb33e9adfbefbaae2785574d3f287cf9cbe255bde89a321a05af518a43c2436973ed1d48699bbd81fac36b9e148746d77c752b01

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
8c601c895895291d9993dbec993ee7c1

SHA1
73e53ee8ec052b87e96d819ebcbcfbd9cc731587

SHA256
f166731d492875affd7f57769418297fbc821ab4f60cb4320d85d5cf74ffd3c8

SHA512
295f317f5ed8c759c4c2200fab15bb37c4f6b7b6c17b34470e67844070f5eab08312285ccd5fe717e8857ee6a88deff97a6b9f007eba52d0e42a647d2388c399

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
393KB

MD5
a1f311279d6b3d73459ef4a0a57bad51

SHA1
25b09057d8495714c3bd41274d3a3f20b97475df

SHA256
22faa9641b75d3f87641ab2d5e3e6fad386a719475044932a3a1a09c3d3d304f

SHA512
bf24a69af3be751f4e1a150b993e1e316d5565d980a6f58f765355c8b49f6803e335c78913d968d1be50e6f55bdd8b2aab5a4640167ff15b45b3d582e3feef6b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
322fd56060d9b92a80640afa97b8bbe1

SHA1
f68c864579913e1debfe06a0f9cc544c91ac9f74

SHA256
6e81b95e8c0574e7f02a25f599183bae5a1a0fb7a1f44cfbd53c4b6c393521ff

SHA512
a50c30c8a22a8e441caa27aaa64f131b966276f40aced8524d232083e96deea383e9c13261b6e6f304fddecf158d38b92066df95c81fc693fe3643b4041e4d29

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
511KB

MD5
a5fd55d3ad2040ded409bbfe1f4e8a7e

SHA1
4152b43e054ee4b2a8bbda2d63182fed8e56eaac

SHA256
289fdeed953f0ef3e5a56bfbdcf59293b25e29f1d55c8dd11579cd6e0d5458c1

SHA512
0d4a75dc3bfcba05fa949cb5050f4fe45f10b851a255a1946a15bfd722a90f7eecd6fc2dfcef0e5e999bda2617829ce68a4e6040a7b0facd5625965d037b770a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
446KB

MD5
54def88c5073e181613250ed0e8d8f59

SHA1
eb64077d900b38078de379a7fbe22c0cd959abdb

SHA256
08e2833dc1c59879c6958d816b4f7af2b32c7d98dc3f1c0b63017366049bec3c

SHA512
40761ed4f2e97423326d9183bf9afd8b119e47e51c2a98516f5a25bec63d28f8a14cfd7a7856ed22e97b81e92d43ef0a17175766eb18cf431913798fc0c4d913

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
551KB

MD5
4e42f8a8b5c7636268799663fa914077

SHA1
a672d2ace708ce6f3d7283d0052d2618ff4b49bf

SHA256
ed1c53e597db6d0a77e5e8b74b9ec1b7053d1dc06f1b72c764fd5cd5e7bd5bc0

SHA512
e86108e64d1a9d1bb384b4bf5c8654e38cca166996503c459d577047b3a1d8bde4de9e63ae4d166bc56a7f350972c5c30a78f9e2632be7f4ee9ae4462951ee16

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
829B

MD5
d212d9d2ac9b6a9312191e646e7b936a

SHA1
3679e86568dedcf7f1eb86c0732a004807f7617b

SHA256
94cd434a91bff01a6bb1533587a824301ee4bce1d99d674c212df4e9affbbee7

SHA512
246a76791433c27ee1083ac9f44cca4f212e578c2663cb9474d02b484c7b9511e06aadbd540c7dd81fa56faaea78f0731dc4bfb6e58fa69a2541d085b2a66d4e

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.8.exe

Filesize
1.2MB

MD5
c0aa5e4d35905e5e1190fee3e290bd8b

SHA1
ebb77192cb9df40bc5015c12ed293279bc3fcb4f

SHA256
e5605401b9a70fa8af7baf3a47c63924db6cdae4eb9e8a9667a985487233a337

SHA512
e02734595f4916fba460d80341ddd40826ecbc4eea9ef04b1eb5656956594088ba4966c289b90631eb786fd7dcded5974b1e4a72e83cf7b277dd50bbca5c55d9

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.8.exe

Filesize
439KB

MD5
0f3efcd4e6228e255ca9d46d285be4f5

SHA1
de9d9298faa1ecd20fd1cef15ac62a01b147201b

SHA256
e3306071f1514840ed942005c3cf9f07c1c6020a12e5aed8138b85b21a128b2a

SHA512
fe7b181ea33d20e7998f7acc34dcb597bd00b848af05fd7277edc7c21c7861d9b4218e4a652bb960c5084e8ad6c72fcde758bad268be61bbc967578ec5a1cc41

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.8.exe

Filesize
491KB

MD5
8c21204929f68d312d0155cffde39efa

SHA1
6ea31be9c3f0c548601737f5478cb01b686b6f86

SHA256
24d977dac454f41c63349f3d6fda88ed27953d05d774def3c4cbd89eb4986160

SHA512
1c272c615e1d0d1415ab02037d84b52b5df1572c9b7075bf456968eb19b1bcf271cd52a363e42bb2e88cb7a6b78d3df65d3d2b05f3ef8c8f7a47cc375cc5dd4c

Download Submit
memory/1044-1349-0x000002312EB10000-0x000002312EBFA000-memory.dmp

Filesize
936KB

Download
memory/2124-1348-0x00000190D1B40000-0x00000190D1C2A000-memory.dmp

Filesize
936KB

Download
memory/2956-1350-0x000001C8054F0000-0x000001C8055DA000-memory.dmp

Filesize
936KB

Download
memory/3124-1341-0x0000029352800000-0x00000293528EA000-memory.dmp

Filesize
936KB

Download
memory/4104-1340-0x0000028ED2A00000-0x0000028ED2AEA000-memory.dmp

Filesize
936KB

Download
memory/4964-819-0x00007FFA708B0000-0x00007FFA708BF000-memory.dmp

Filesize
60KB

Download
memory/4964-818-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/4964-1026-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/4988-1132-0x00007FFA75AA0000-0x00007FFA75AA1000-memory.dmp

Filesize
4KB

Download
memory/4988-1134-0x00007FFA75650000-0x00007FFA75651000-memory.dmp

Filesize
4KB

Download
memory/4988-1269-0x00000267842C0000-0x00000267843AA000-memory.dmp

Filesize
936KB

Download