36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Resubmissions

05-03-2024 19:59

240305-yqerpsfh9y 8

05-03-2024 19:47

240305-yh2w9sff3z 6

Analysis

max time kernel
469s
max time network
470s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 19:59

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

file.ps1
Size

1B
MD5

7215ee9c7d9dc229d2921a40e899ec5f
SHA1

b858cb282617fb0956d960215c8e84d1ccf909c6
SHA256

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
SHA512

f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score

8^/10

evasion ransomware trojan

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 31 IoCs

Processes:

tor-browser-windows-x86_64-portable-13.0.10.exefirefox.exefirefox.exefirefox.exefirefox.exetor.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exelyrebird.exefirefox.exefirefox.exelyrebird.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exetor.exefirefox.exefirefox.exefirefox.exefirefox.exelyrebird.exefirefox.exefirefox.exe

pid	process
3208	tor-browser-windows-x86_64-portable-13.0.10.exe
396
1512	firefox.exe
2060	firefox.exe
3616	firefox.exe
1316	firefox.exe
3908	tor.exe
3780	firefox.exe
3236	firefox.exe
3432	firefox.exe
2868	firefox.exe
2616	firefox.exe
4040	firefox.exe
2952	lyrebird.exe
3016	firefox.exe
4064	firefox.exe
2292	lyrebird.exe
1660	firefox.exe
3944	firefox.exe
1876	firefox.exe
1448	firefox.exe
1332	firefox.exe
2928	firefox.exe
2512	tor.exe
1316	firefox.exe
2936	firefox.exe
2852	firefox.exe
844	firefox.exe
2132	lyrebird.exe
2060	firefox.exe
3652	firefox.exe

Loads dropped DLL 64 IoCs

Processes:

tor-browser-windows-x86_64-portable-13.0.10.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

pid	process
1204
1204
1204
1204
1204
1204
1204
1204
1204
1204
1204
1204
1204
1204
3208	tor-browser-windows-x86_64-portable-13.0.10.exe
3208	tor-browser-windows-x86_64-portable-13.0.10.exe
1204
3208	tor-browser-windows-x86_64-portable-13.0.10.exe
3208	tor-browser-windows-x86_64-portable-13.0.10.exe
1204
396
1204
1204
3208	tor-browser-windows-x86_64-portable-13.0.10.exe
3208	tor-browser-windows-x86_64-portable-13.0.10.exe
1512	firefox.exe
2060	firefox.exe
1204
1204
1204
1204
2060	firefox.exe
2060	firefox.exe
2060	firefox.exe
2060	firefox.exe
2060	firefox.exe
2060	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
3616	firefox.exe
1316	firefox.exe
1316	firefox.exe
1316	firefox.exe
1316	firefox.exe
2060	firefox.exe
2060	firefox.exe
3780	firefox.exe
3780	firefox.exe
3780	firefox.exe
3780	firefox.exe
1316	firefox.exe
1316	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3236	firefox.exe
3780	firefox.exe
3780	firefox.exe
3236	firefox.exe
3236	firefox.exe
3432	firefox.exe
3432	firefox.exe
3432	firefox.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

000.exe

description	ioc	process
File opened (read-only)	\??\N:	000.exe
File opened (read-only)	\??\Q:	000.exe
File opened (read-only)	\??\S:	000.exe
File opened (read-only)	\??\V:	000.exe
File opened (read-only)	\??\X:	000.exe
File opened (read-only)	\??\B:	000.exe
File opened (read-only)	\??\J:	000.exe
File opened (read-only)	\??\O:	000.exe
File opened (read-only)	\??\U:	000.exe
File opened (read-only)	\??\Z:	000.exe
File opened (read-only)	\??\A:	000.exe
File opened (read-only)	\??\H:	000.exe
File opened (read-only)	\??\M:	000.exe
File opened (read-only)	\??\Y:	000.exe
File opened (read-only)	\??\I:	000.exe
File opened (read-only)	\??\K:	000.exe
File opened (read-only)	\??\L:	000.exe
File opened (read-only)	\??\P:	000.exe
File opened (read-only)	\??\R:	000.exe
File opened (read-only)	\??\T:	000.exe
File opened (read-only)	\??\E:	000.exe
File opened (read-only)	\??\G:	000.exe
File opened (read-only)	\??\W:	000.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs
ransomware

Defacement
T1491

Modify Registry
T1112

Processes:

000.exe

description ioc process

Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\Desktop\Wallpaper 000.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\Desktop\Wallpaper	000.exe

Checks processor information in registry 2 TTPs 32 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

3352 taskkill.exe
1088 taskkill.exe

pid	process
3352	taskkill.exe
1088	taskkill.exe

Modifies registry class 5 IoCs

Processes:

firefox.exefirefox.exefirefox.exefirefox.exe000.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	000.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

lyrebird.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	lyrebird.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	lyrebird.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	lyrebird.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	lyrebird.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	lyrebird.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	lyrebird.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	lyrebird.exe

NTFS ADS 2 IoCs

Processes:

firefox.exefirefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\000.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

powershell.exelyrebird.exelyrebird.exelyrebird.exe

pid process

1728 powershell.exe
2952 lyrebird.exe
2292 lyrebird.exe
2132 lyrebird.exe

pid	process
1728	powershell.exe
2952	lyrebird.exe
2292	lyrebird.exe
2132	lyrebird.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exefirefox.exefirefox.exefirefox.exefirefox.exeAUDIODG.EXEtaskkill.exetaskkill.exeWMIC.exeWMIC.exe

description	pid	process
Token: SeDebugPrivilege	1728	powershell.exe
Token: SeDebugPrivilege	2596	firefox.exe
Token: SeDebugPrivilege	2596	firefox.exe
Token: SeDebugPrivilege	2060	firefox.exe
Token: SeDebugPrivilege	2060	firefox.exe
Token: SeDebugPrivilege	1448	firefox.exe
Token: SeDebugPrivilege	1448	firefox.exe
Token: SeDebugPrivilege	3496	firefox.exe
Token: SeDebugPrivilege	3496	firefox.exe
Token: SeDebugPrivilege	3496	firefox.exe
Token: 33	768	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	768	AUDIODG.EXE
Token: 33	768	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	768	AUDIODG.EXE
Token: SeDebugPrivilege	3352	taskkill.exe
Token: SeDebugPrivilege	1088	taskkill.exe
Token: SeIncreaseQuotaPrivilege	2928	WMIC.exe
Token: SeSecurityPrivilege	2928	WMIC.exe
Token: SeTakeOwnershipPrivilege	2928	WMIC.exe
Token: SeLoadDriverPrivilege	2928	WMIC.exe
Token: SeSystemProfilePrivilege	2928	WMIC.exe
Token: SeSystemtimePrivilege	2928	WMIC.exe
Token: SeProfSingleProcessPrivilege	2928	WMIC.exe
Token: SeIncBasePriorityPrivilege	2928	WMIC.exe
Token: SeCreatePagefilePrivilege	2928	WMIC.exe
Token: SeBackupPrivilege	2928	WMIC.exe
Token: SeRestorePrivilege	2928	WMIC.exe
Token: SeShutdownPrivilege	2928	WMIC.exe
Token: SeDebugPrivilege	2928	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2928	WMIC.exe
Token: SeRemoteShutdownPrivilege	2928	WMIC.exe
Token: SeUndockPrivilege	2928	WMIC.exe
Token: SeManageVolumePrivilege	2928	WMIC.exe
Token: 33	2928	WMIC.exe
Token: 34	2928	WMIC.exe
Token: 35	2928	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2928	WMIC.exe
Token: SeSecurityPrivilege	2928	WMIC.exe
Token: SeTakeOwnershipPrivilege	2928	WMIC.exe
Token: SeLoadDriverPrivilege	2928	WMIC.exe
Token: SeSystemProfilePrivilege	2928	WMIC.exe
Token: SeSystemtimePrivilege	2928	WMIC.exe
Token: SeProfSingleProcessPrivilege	2928	WMIC.exe
Token: SeIncBasePriorityPrivilege	2928	WMIC.exe
Token: SeCreatePagefilePrivilege	2928	WMIC.exe
Token: SeBackupPrivilege	2928	WMIC.exe
Token: SeRestorePrivilege	2928	WMIC.exe
Token: SeShutdownPrivilege	2928	WMIC.exe
Token: SeDebugPrivilege	2928	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2928	WMIC.exe
Token: SeRemoteShutdownPrivilege	2928	WMIC.exe
Token: SeUndockPrivilege	2928	WMIC.exe
Token: SeManageVolumePrivilege	2928	WMIC.exe
Token: 33	2928	WMIC.exe
Token: 34	2928	WMIC.exe
Token: 35	2928	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3048	WMIC.exe
Token: SeSecurityPrivilege	3048	WMIC.exe
Token: SeTakeOwnershipPrivilege	3048	WMIC.exe
Token: SeLoadDriverPrivilege	3048	WMIC.exe
Token: SeSystemProfilePrivilege	3048	WMIC.exe
Token: SeSystemtimePrivilege	3048	WMIC.exe
Token: SeProfSingleProcessPrivilege	3048	WMIC.exe
Token: SeIncBasePriorityPrivilege	3048	WMIC.exe

Suspicious use of FindShellTrayWindow 11 IoCs

Processes:

firefox.exefirefox.exefirefox.exefirefox.exe

pid	process
2596	firefox.exe
2596	firefox.exe
2596	firefox.exe
2596	firefox.exe
2060	firefox.exe
1448	firefox.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe

Suspicious use of SendNotifyMessage 7 IoCs

Processes:

firefox.exefirefox.exe

pid process

2596 firefox.exe
2596 firefox.exe
2596 firefox.exe
3496 firefox.exe
3496 firefox.exe
3496 firefox.exe
3496 firefox.exe

Suspicious use of SetWindowsHookEx 20 IoCs

Processes:

firefox.exefirefox.exefirefox.exefirefox.exe000.exe

pid	process
2596	firefox.exe
2596	firefox.exe
2596	firefox.exe
2060	firefox.exe
2060	firefox.exe
2060	firefox.exe
2060	firefox.exe
2060	firefox.exe
2060	firefox.exe
1448	firefox.exe
1448	firefox.exe
1448	firefox.exe
1448	firefox.exe
1448	firefox.exe
1448	firefox.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe
3160	000.exe
3160	000.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2636 wrote to memory of 2596	2636	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2716	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2716	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2716	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2512	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2908	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2908	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2908	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2908	2596	firefox.exe	firefox.exe
PID 2596 wrote to memory of 2908	2596	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\file.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.0.1285252699\1753301857" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1232 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea5d76c1-44c4-4a6e-8365-0b5e33ec5cb1} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 1304 103d8858 gpu
3⤵
PID:2716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.1.62653833\297533478" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a294517-27d3-4fcf-bf92-80af1f5b171b} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 1508 e72b58 socket
3⤵
- Checks processor information in registry
PID:2512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.2.338250051\1488033271" -childID 1 -isForBrowser -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b96e56ed-cea3-4463-aa35-cdfbf529e0d9} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 2128 1a190558 tab
3⤵
PID:2908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.3.853227904\1753890417" -childID 2 -isForBrowser -prefsHandle 2440 -prefMapHandle 2488 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66ded83b-a481-4dcc-ae7b-861e3224f28a} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 2436 1721f358 tab
3⤵
PID:1312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.4.666942042\1060482343" -childID 3 -isForBrowser -prefsHandle 2816 -prefMapHandle 2808 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6afbf89-f561-4617-811f-573f4e8b1bc2} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 2828 e62858 tab
3⤵
PID:1268

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.5.358581843\1098347043" -childID 4 -isForBrowser -prefsHandle 3756 -prefMapHandle 3752 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efbe6f9f-b108-4bc3-b28c-1cab90ae9469} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 3768 e2d858 tab
3⤵
PID:1684

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.6.637257209\1663339517" -childID 5 -isForBrowser -prefsHandle 3856 -prefMapHandle 3860 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fbdef12-2a40-4614-9827-665c64b0a3d6} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 3744 1e3fab58 tab
3⤵
PID:2068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.7.331465530\199733527" -childID 6 -isForBrowser -prefsHandle 4048 -prefMapHandle 4052 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44e4b196-772c-434c-bb19-ad9d0b82b8e9} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 4036 1e554858 tab
3⤵
PID:2996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.8.739062697\1839422356" -childID 7 -isForBrowser -prefsHandle 2532 -prefMapHandle 2528 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50fe8372-2aac-4c90-a813-e4bc1977680a} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 2796 21bfbe58 tab
3⤵
PID:1648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.9.1661705011\363298729" -childID 8 -isForBrowser -prefsHandle 2468 -prefMapHandle 2464 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3310ca75-9a9e-41fd-b4a6-710482cde964} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 3244 21eccc58 tab
3⤵
PID:308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2596.10.1442468749\712173705" -childID 9 -isForBrowser -prefsHandle 4156 -prefMapHandle 4144 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f6525f7-7c31-4359-bb85-282d70ba616d} 2596 "\\.\pipe\gecko-crash-server-pipe.2596" 4204 18046f58 tab
3⤵
PID:1548

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe
"C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3208

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1512

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.0.1697295154\1970580569" -parentBuildID 20240213172118 -prefsHandle 1496 -prefMapHandle 1560 -prefsLen 19246 -prefMapSize 243693 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b26b42cf-61ec-45e7-ac91-d01464a485a2} 2060 gpu
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3616

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.1.1107946297\222329615" -childID 1 -isForBrowser -prefsHandle 1780 -prefMapHandle 1456 -prefsLen 20168 -prefMapSize 243693 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0a7f1f94-c510-4c00-9e8c-56b71324ba6b} 2060 tab
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1316

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.2.98701129\1099086721" -childID 2 -isForBrowser -prefsHandle 2200 -prefMapHandle 1652 -prefsLen 20940 -prefMapSize 243693 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {75260e4b-f8c4-40c6-81a7-feac119da7e9} 2060 tab
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3780

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:96c768f242fdeeee60d39ff012474224e10450797c38c17ceab31dc774 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2060 DisableNetwork 1
4⤵
- Executes dropped EXE
PID:3908

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.3.182566414\1710761563" -childID 3 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 21165 -prefMapSize 243693 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {dff23403-71d6-4a5b-aae8-103c2c456ef5} 2060 tab
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3236

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.4.775272314\916761136" -parentBuildID 20240213172118 -prefsHandle 2424 -prefMapHandle 2508 -prefsLen 21409 -prefMapSize 243693 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {26130a17-99d1-46ea-a0fc-0129b8bb7528} 2060 rdd
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3432

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.5.985476604\997289870" -childID 4 -isForBrowser -prefsHandle 2040 -prefMapHandle 2012 -prefsLen 22471 -prefMapSize 243693 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1b6f11fb-0ab7-429e-bf44-705b88fc73bb} 2060 tab
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:2868

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.6.65607771\283670162" -childID 5 -isForBrowser -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 22471 -prefMapSize 243693 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {048b4b98-8ba3-494d-8410-a9045b8182c6} 2060 tab
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:2616

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.7.2081147048\1392679737" -childID 6 -isForBrowser -prefsHandle 3248 -prefMapHandle 3256 -prefsLen 22471 -prefMapSize 243693 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {37d6c689-a341-47eb-ab2c-7a1a799de2b3} 2060 tab
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:4040

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
4⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:2952

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.8.1405268329\47901269" -childID 7 -isForBrowser -prefsHandle 1324 -prefMapHandle 2516 -prefsLen 22795 -prefMapSize 243693 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8cf01d68-c193-4337-942f-eff09b872494} 2060 tab
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:3016

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.9.1874482472\1527905873" -childID 8 -isForBrowser -prefsHandle 3540 -prefMapHandle 3556 -prefsLen 22839 -prefMapSize 243693 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d2601f58-3f4d-4a33-a279-08ff3bdd6607} 2060 tab
4⤵
- Executes dropped EXE
PID:4064

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2292

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.10.1208686334\1232802042" -childID 9 -isForBrowser -prefsHandle 2088 -prefMapHandle 2060 -prefsLen 22839 -prefMapSize 243693 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {256511c6-798b-4103-a968-d5fdf4bab91c} 2060 tab
4⤵
- Executes dropped EXE
PID:1660

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.11.392536188\1604567503" -childID 10 -isForBrowser -prefsHandle 1500 -prefMapHandle 3176 -prefsLen 22907 -prefMapSize 243693 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {62b29b1f-0f07-4b6a-9304-bd9db2ccc15e} 2060 tab
4⤵
- Executes dropped EXE
PID:3944

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
PID:1876

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1448.0.1391505684\1456345603" -parentBuildID 20240213172118 -prefsHandle 1132 -prefMapHandle 1124 -prefsLen 21599 -prefMapSize 245130 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d53bd97c-7e8a-434d-a000-371d11f7a8b8} 1448 gpu
3⤵
- Executes dropped EXE
PID:1332

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1448.1.1422189965\464115070" -childID 1 -isForBrowser -prefsHandle 1980 -prefMapHandle 2036 -prefsLen 22081 -prefMapSize 245130 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {88da56a5-3e23-4a08-92ea-ef793e871ac5} 1448 tab
3⤵
- Executes dropped EXE
PID:2928

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:21bda329e94fc515600b293b220aaca8b5264d8901ae3d47297fe9ee8b +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 1448 DisableNetwork 1
3⤵
- Executes dropped EXE
PID:2512

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1448.2.1350281509\227566635" -childID 2 -isForBrowser -prefsHandle 2360 -prefMapHandle 2364 -prefsLen 22211 -prefMapSize 245130 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {402e5903-213d-4069-8f4a-22c335047b96} 1448 tab
3⤵
- Executes dropped EXE
PID:1316

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1448.3.770882175\202152800" -childID 3 -isForBrowser -prefsHandle 2852 -prefMapHandle 2856 -prefsLen 21269 -prefMapSize 245130 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e391907f-be86-4fc6-9526-7498d3f75c2c} 1448 tab
3⤵
- Executes dropped EXE
PID:2936

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1448.4.2076821122\771346297" -childID 4 -isForBrowser -prefsHandle 2880 -prefMapHandle 2868 -prefsLen 21269 -prefMapSize 245130 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4092fab0-438e-444a-8f8f-5124595a625f} 1448 tab
3⤵
- Executes dropped EXE
PID:2852

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1448.5.1163066496\451082813" -childID 5 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 21269 -prefMapSize 245130 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {40e8a50b-688a-45c3-974f-6c53dae590cf} 1448 tab
3⤵
- Executes dropped EXE
PID:844

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2132

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1448.6.1877626627\2115133683" -childID 6 -isForBrowser -prefsHandle 2880 -prefMapHandle 2988 -prefsLen 21321 -prefMapSize 245130 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e843b9b6-2d9b-4411-af60-1e51b87e7754} 1448 tab
3⤵
- Executes dropped EXE
PID:2060

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1448.7.136437821\323744159" -childID 7 -isForBrowser -prefsHandle 3556 -prefMapHandle 3560 -prefsLen 21321 -prefMapSize 245130 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {aab1ecec-403e-4c8e-9925-9529b6c660da} 1448 tab
3⤵
- Executes dropped EXE
PID:3652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.0.1905715632\212720257" -parentBuildID 20221007134813 -prefsHandle 1124 -prefMapHandle 1116 -prefsLen 21553 -prefMapSize 233816 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8bcc5f8-9397-41ff-b499-3d10d5cd6f0c} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 1200 11406358 gpu
3⤵
PID:3056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.1.1544689543\664679688" -parentBuildID 20221007134813 -prefsHandle 1344 -prefMapHandle 1340 -prefsLen 21598 -prefMapSize 233816 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e83bc55-8e52-4065-80e7-75c234d4acf5} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 1356 3f32958 socket
3⤵
- Checks processor information in registry
PID:2224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.2.1464435865\834433511" -childID 1 -isForBrowser -prefsHandle 2016 -prefMapHandle 2012 -prefsLen 22059 -prefMapSize 233816 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d67f9ae2-9415-4d49-b3eb-8716798914a8} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 2028 1a775b58 tab
3⤵
PID:932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.3.1023168019\812433386" -childID 2 -isForBrowser -prefsHandle 2356 -prefMapHandle 656 -prefsLen 27237 -prefMapSize 233816 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1caacd77-a1b2-4745-96c7-31a7161e548e} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 2408 133b7258 tab
3⤵
PID:3588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.4.1518990391\39494633" -childID 3 -isForBrowser -prefsHandle 2360 -prefMapHandle 2392 -prefsLen 27237 -prefMapSize 233816 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83e471a3-ea29-4082-8ec1-46bec7b20c1a} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 2424 1bf98858 tab
3⤵
PID:2940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.5.842398217\1874074232" -childID 4 -isForBrowser -prefsHandle 3328 -prefMapHandle 3332 -prefsLen 27237 -prefMapSize 233816 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff9c5b07-29ad-46cb-8866-030f3d0b328b} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 3292 1d5d7558 tab
3⤵
PID:4036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.6.107451438\1283995982" -childID 5 -isForBrowser -prefsHandle 3456 -prefMapHandle 3460 -prefsLen 27237 -prefMapSize 233816 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c58dda0f-2a3e-452d-b6cd-5f8e145473ac} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 3444 1e72ab58 tab
3⤵
PID:2196

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.7.865390639\969059443" -childID 6 -isForBrowser -prefsHandle 3632 -prefMapHandle 3636 -prefsLen 27237 -prefMapSize 233816 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed49ed77-4441-43da-bd30-773e8a197abd} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 3620 1e72ae58 tab
3⤵
PID:2760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.8.1152005125\1115688886" -childID 7 -isForBrowser -prefsHandle 4248 -prefMapHandle 4224 -prefsLen 27246 -prefMapSize 233816 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1a3f2f6-eff3-4862-a08f-09599193d0ff} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 4220 20134758 tab
3⤵
PID:3700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.9.77618295\1581081783" -childID 8 -isForBrowser -prefsHandle 4412 -prefMapHandle 4268 -prefsLen 27246 -prefMapSize 233816 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {840a8b5c-13f6-49b4-a8c8-2104ccf3087b} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 4260 21d71358 tab
3⤵
PID:4088

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:768

C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\000.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\000.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3160

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
2⤵
PID:3456

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3352

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1088

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' set FullName='UR NEXT'
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2928

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' rename 'UR NEXT'
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3048

C:\Windows\SysWOW64\shutdown.exe
shutdown /f /r /t 0
3⤵
PID:3996

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:3412

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:4036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5565f112190218e14584ef07dbd8890

SHA1
e7530f2820fc37acab7aa634bd0352e76f13bfd8

SHA256
ef29c258c07c88d030a322a89ef467b7be8569f3f9d9a0bdfa19336b0fb41912

SHA512
8cbb447f30e2ce36eb14a601d9f866c89d29e7bda505985d966cfcec779b4226b63bb72723ecbc2028f2dd8678a0c79b9a85f352055f50020f147d570e987c1e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\doomed\22730

Filesize
18KB

MD5
13472367776a001370c01e5c29817110

SHA1
d12bd6e16aed5dc19b75c49c5ae8dc41a323f6f0

SHA256
fcce2117344fc5608c715e21f47c29dd1175aaeab6cb2522bb4443caa65cd421

SHA512
fe08c2e7af50a2f4eb57b44e3737445f0f7a45ce20f118951f5a13d9c7a99636110ac5e5a3c33f1f808bb91233ac066b712154182e4c8959f1841d7fb4db70b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\doomed\27987

Filesize
18KB

MD5
905f07ab6f0b64f17cde18f8642678f4

SHA1
b16219f6286ed62ca2e97e940dd7db026efefcba

SHA256
16522579320b7166a770f701e13d716d8c75f26210460d2b92e8fc9128925e61

SHA512
8aa43163c892777d0fa9facc0d662ca00c9d58a36249520b9f607af29ed508eb9b5cf67569e1b583f93a9a83fe72abf7e7454764418ca12b8e9ef26721283b43

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\0B64D5DEAD0290398D9FB907F7C6C56F129812AA

Filesize
47KB

MD5
2618357d13984069660bdb697e722a62

SHA1
5fd61a55da690f4ae78de052b1894dd8093b83e9

SHA256
2c5c2a7399776ec85477456c758f9da0bb48faf1eb51aa96ed50b3a7016b2b97

SHA512
3e40a8078c1b9f5a4d7e549177c76c3834061eaf0591c931bf37e3b61dfa0d01c05f36b8f4308380dfc3cea388a3ff882b063cf44a5b9ec1287d2f70589d59f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\24082C4A35B9816F3C28177A56096D5DA9D3B18F

Filesize
10.4MB

MD5
dafbfc614a463173e2d44af79a498717

SHA1
22056d54dc66fd51e44324172805780f26486a9a

SHA256
498a80a1ec40821e59c932cb4ff02580a65a73b83d3a1fdc8bc5386b8a7fbcac

SHA512
fdc32f0ed598af4c04d28a548bf5690175b388d8bc3c8fa3c11b1e4a548c558e4154b44a4a7dd8e80c77ac6a9a02760e5058371adf20b5e53128fb3552001a38

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\51BC5B6A182E1F85C197CC9010BE167A3404E6B7

Filesize
37KB

MD5
f9396d486c9bc4610beb7bf1e3bc72c9

SHA1
7c5b6b331d8b981b10c4f563715cb65740fd807b

SHA256
de4ab6efb0f49738c11e5a3e4b7605d8430e83a66f5ffd145a0e2c992edeb101

SHA512
313a8754fcb59f9a728a1e621149ca334adf6b676681ed1a932b18f50bd479c42a85db2ac9df9f4e54a243f8016cda19a415e1aa9ca22d773863823ea27c3e54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\57973BABAB7692C1F5903B0622784343984D23E6

Filesize
254KB

MD5
e4171ea467a2a8ded463a90e37c9c1e1

SHA1
1fcb54dd9a960ee51faca6ecbdb70b1bc23955b0

SHA256
9b642a6e8122a1f24cca1f80248e27df02222e5cafeaacddb436638673e00dee

SHA512
ec8832563cc96ac0dc296817d7eb0b9b12a886dda9eac591771c89a2d7de21314e2f48e60ac0ecbece7126623c48e6551fec286b2a03d06267f34decc03e11b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\58A329E5EEBCC3BC7689E873D5E14E3671C0251C

Filesize
48KB

MD5
4413c6b97ed2eab9ffd7369ed9cd1a92

SHA1
85ba498e52fa90dc2d929f1f57f81781ce95814f

SHA256
c298b85c084bc19d935a0c7050fadd25af960e1b7615371e1e5e99df1c1276d0

SHA512
4760d65c6cb0f86955910185306febb5d7780854788b0e512af017b062d2f712feb283cf2d9cf2dabe366daf10b1ada3cbcb8c0e9e253e7d7d346944fc32a3a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\5C74EB3EC4689821F3193125FB0031C1228E3FD4

Filesize
20KB

MD5
f87bdddd5f02ed74814d659213df3d79

SHA1
0a46b2543271cc111ae56742f2ef873c44512bfa

SHA256
a276813a0ada2879f9e205bdc29debe6e843dad883a2277a20093fcb4b9649a3

SHA512
6fe9b3bcaa4e84f75cf9289c62ab47291eb5e65880fdb88e2a91d6405ceaadc31b84d706c77665a8097e79484b7ddee20931e8b899f6cd1495aec7a096ec9c9d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\64B2FC5DC13BB0BA0E236A4DEB307438A7363871

Filesize
97KB

MD5
9074a3e4d37a10cbcefec70e7950a546

SHA1
0dd268ef5003656582b84bbd0aea58db5c4338a2

SHA256
e5a6e8ef25410f73d9ff6237301d507f21a5de8bdb3fe55328d605a46960866a

SHA512
8c34c820c43d9b3b0d65c4546aec3fdfdaa1b37eaa0cf9a9bd756458650c2523e2e01d145bb93fd84af980743b3924b94727882f5fea17a356651af9275e058a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\71F064E2969D0D430DB1B5A6E78F0AC59CD90EE1

Filesize
35KB

MD5
623fddde31b005ca0f8f87a6bb7a6c0f

SHA1
826393a5523937d2c070bbda8ec9542f75b43251

SHA256
ab497eef72043d2b1a38138c67f370c2b0d9efe0812cf1bc186c7fbb9cffd003

SHA512
08c8d0b16c8a9225d436ed3bac1cdc0c8a42974278ec87c194b5aa0e565da9715180afecab11f46a36c12134757af0ce3393112e2ed68c87d6970d329fc89eaa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\80285EC16EDB2FCB53FE4D6500B0396AC776DCD0

Filesize
664KB

MD5
cb85131814aa0672594d6d4d72bc4b34

SHA1
6d23b77e7280e39b3b0a4fd22b87d1fe31814a9d

SHA256
307e54ab2034298a3dc925c18b77c1af273f1ba665c5fa373d40c9235f4f9cbf

SHA512
67c67a5fe2d7a618d00fb7f3e9a7060a126f78338de366976c672028f73e20c4253f631280de04ea6f7baf998ad1f26f678f8240cc3297e35efe851f9596fda8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\9617E19A5E105D18EA91DA1DB2A1CAB4D5CEB41F

Filesize
202KB

MD5
3d14ff9d5d18309cb8765398260dc870

SHA1
12d1509a61d394e4ac5d211d0dced3d084e83461

SHA256
d1bb95b8c1956bf483f51493f66ff50b0fc603a00319ca01a811d7fd27fb5056

SHA512
ac021899bc9fc7b15bbfd20a4c9ce0d5f6a37e81398b79f3c1dbdbb0a2708e5c84b2e93b17f7a3cd50aaf4face7c736c6ea6f2dbade76eb3a6888976f5cc1f96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\ACC88C413B3874FCC9A7595D4FD3EFF93F58097F

Filesize
60KB

MD5
e4f77ac4706bd17d79eefb709b8ab438

SHA1
5645d32eb8da13d3c5b4bbaeaba4e37e5d326116

SHA256
588d6c7c778c5944e26218e0a46080f2c06e447095f84e8eda3e420ecbc89307

SHA512
7ddda340fdc0092c994340f301c5080fbd77677b0b0eb12386d9cfb01c86a24b64adf42fb2882836543ae7427e9f33768a6f6706107442c29d94fb18cd17041b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\ADB77CF89BB7C3EACBA0400910D8956D4F8A5D23

Filesize
1.2MB

MD5
bdbe60ee666e726481579b4a7bde1ed2

SHA1
0f2fed60c842565001d9fbb0f4067bb4278501fa

SHA256
8899fb51eb82c4a93d639016d1b39a0bf9971be843ba9d57bbdfc8bfd9e2ad95

SHA512
93ba2f350a35cf1db6fcdf419a529fff7f6225af57089848948233fec5744e4989bbdad72694e52f16fb71da0dbe158d8c6da8cb513c952c9dd8ebd5bde869f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\BD518506D48E5D9A2A1A812001B343D87149620C

Filesize
175KB

MD5
27c2d9e407dc472cdb6f3e0abdf90389

SHA1
2eb8e058eecc215579efe8c56bbe97e6ac1f7233

SHA256
3c44ac8ab84c6cd0f704ead16d0b087bc6fea800d94f9cbccbf31fdc35f53f58

SHA512
0639494202620ac2b5fb49f8d02c6bcf1de88f578aa208227b08eb3e2e5c6172efafaf584c54cccc21df207081c165def0c4af753871d5817207836e9e30f722

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\D105AB5F954C0907C9073BF810F90A3C36C6D3E5

Filesize
841KB

MD5
ec67c8fe143b22dfb6a11b998827e9f1

SHA1
7845ff92edc5b13ff4428ab6c26b9d3616fac629

SHA256
52eb0b593a8672331c6a678d960162960f0cc41834ecdb067fbb4fa3d628f38b

SHA512
88fc2ee63b24e087974f5bff5d89b088078cd4770f623d073281e9bb5822ed4fbd6c2298a7d188e759289828e6e63f483a288bd96d0a2adc2310765266bef69b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\DA15CC1D7BE00A237988F8576D563DCE20E3C384

Filesize
83KB

MD5
188401010df1af549b9bf6ef7f01aa1a

SHA1
4a700df2ad405d6d5f09d44f1c04fa968781fea1

SHA256
f4f3859ba0dfdb51b4d615f45cc3b1d405c3efe5edb8d29a6a1e31ec01fe7ff6

SHA512
a5d0e68f61134bd6001602dba1af28077fb04192038ff829d5f77f79f36661c6f00c4039b30faeba329634ccf29f59f69490fc0cbd20bce757a8641b43356a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5505.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5508.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9D71.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
2.6MB

MD5
3aa200eb4a3497b016b4b55147a5f727

SHA1
fe48aba92ed49e01686adac20770b2564e985ed2

SHA256
600f2b3b74e3b30b302ea3e793a901d902fea113c8640744e96840e5204c3c3f

SHA512
d467d99e82cb7a9f3bb1b3910df49534a0d7fe3fdd39740beed10c9c9b358153931c39f86287fa5fc98023711814231ca6b8aacd06f315c60582c2112ef4b55e

Download Submit
C:\Users\Admin\AppData\Local\Temp\v.mp4

Filesize
81KB

MD5
d2774b188ab5dde3e2df5033a676a0b4

SHA1
6e8f668cba211f1c3303e4947676f2fc9e4a1bcc

SHA256
95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443

SHA512
3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat

Filesize
771B

MD5
a9401e260d9856d1134692759d636e92

SHA1
4141d3c60173741e14f36dfe41588bb2716d2867

SHA256
b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

SHA512
5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\broadcast-listeners.json.tmp

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\datareporting\glean\db\data.safe.bin

Filesize
15KB

MD5
9b280398f89008ab470f2164138fee6e

SHA1
c3a8584c8d0a879d96b49547238245436d991eac

SHA256
61b669f8cec18a76dd34bd5603878f753b3c1307b789a55085eed2f7decf0421

SHA512
dd55583c4033290d215828c45d7fb359ff3fcfae63cc9cecf493e8d5a019e07f89df4a7ce81286e54eef3bc2f18e1ed4b8b5982740c2f82a5f03f0071fdc877c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b87879fc5f2196b7e1dbdca12108828b

SHA1
96e58da3dc1b174fde7fb4e5ccca0de7b6b43916

SHA256
5500abdb9b624b6f83758b35a1f1ce793c7dd27b9dd4a1438e565783917df30f

SHA512
eb4b815fa03a6eaaf8ae2b6577646310a71f6cf6d0b9c37f2b74844df9180b782ebbf2d97131d9189d2fc8db6fb8f2d8a07aeb0b13f54a08eb743afc7e7e115d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\datareporting\glean\pending_pings\9c59b3b0-126d-4dfe-a390-e27be5779477

Filesize
1KB

MD5
be2636c4e1e77ad45259ab24f47a067b

SHA1
4eddb61bedcfe260715f525049b06de5a6a3548d

SHA256
304594052b275bd4e7e19bf281e9817e3fcf50b385b004b4ebf50458e07aadec

SHA512
afd0acf9c2229a59ed4d7490e4ad1f8a768e41c30adcc7e8fe1fcbbca6a873651cc02ebd7f1392bd86683f801005ee62bf4e631d62580447eea37f6f41f24f44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\datareporting\glean\pending_pings\df199065-8f1c-4940-bb92-a1cd273fa825

Filesize
789B

MD5
1535127f245c218821afd3ebb03e2c4e

SHA1
b004219abcdb28c27086efd9ea29956afe51b0e3

SHA256
6e02cd75beb5bec5b4ccf51c836b9b5fa151f91add0d0abb2be236b45b7a6a39

SHA512
efdc58040f1fe828587beee3807be662981f15f795acb8f519a79352dd6f1d30e49f0bcd160109f6b95defdb25e8019b097f846e8f1e0a8b397bbad5b2c176f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\datareporting\glean\pending_pings\f368742d-225a-480d-8f2e-645e834cb3b2

Filesize
11KB

MD5
82334e0abb80b52495751022d48303fe

SHA1
b68050758c7183275b4869f7a50920efc8a3b968

SHA256
beb0758681f866af0b7f1687ff9a6cee8825d3ce2c80ad48dc070af810c25fe9

SHA512
a376d82ce316dde58fe066408f3974f3947977cd1507f77c4cbec40b997ebb16814ca68f000f62dea38359110b690f1d6ff1d9766660d5216edf4929b76dcb61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\datareporting\glean\pending_pings\ffffacc4-b997-4ba0-aaf3-ca3da8ee595f

Filesize
745B

MD5
a688e73f2d49b0635bb8b429491deb7f

SHA1
ef799c0900d0238f3ddb1dd65add11c9970eb8d3

SHA256
59889500f6e07112911f585d20b2ed05c1f61b204506ed6bf1aa79c6cef11b10

SHA512
c7325e4e136e3ad11e0a0159477f011a719588c1679880ff255dc74184907fef317bfbec63847ce6b897422568c4acba646772a94b1ba2e13c120df7ff4dde3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json

Filesize
372B

MD5
6981f969f95b2a983547050ab1cb2a20

SHA1
e81c6606465b5aefcbef6637e205e9af51312ef5

SHA256
13b46a6499f31975c9cc339274600481314f22d0af364b63eeddd2686f9ab665

SHA512
9415de9ad5c8a25cee82f8fa1df2e0c3a05def89b45c4564dc4462e561f54fdcaff7aa0f286426e63da02553e9b46179a0f85c7db03d15de6d497288386b26ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll

Filesize
2.4MB

MD5
b0264d27e633db2edf4419774ab6e353

SHA1
6d1ef9dc2740413e3c18df09101fc57217a29eab

SHA256
c7139e5070c518de12425730dbe168755c64ee4f0f1286a72d0bed14728ee454

SHA512
9c99e547c446ce9f1f29c8dffacb1c3ed113026fd8025bd4ae994890616291727d5deab9f212435ac05ccb061694320578f72c4d72712a21403f5475c3cc4f1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig

Filesize
1KB

MD5
dea1586a0ebca332d265dc5eda3c1c19

SHA1
29e8a8962a3e934fd6a804f9f386173f1b2f9be4

SHA256
98fbbc41d2143f8131e9b18fe7521f90d306b9ba95546a513c3293916b1fce60

SHA512
0e1e5e9af0790d38a29e9f1fbda7107c52f162c1503822d8860199c90dc8430b093d09aef74ac45519fb20aedb32c70c077d74a54646730b98e026073cedd0d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\places.sqlite

Filesize
5.0MB

MD5
ec0c99feb386e7f4912d54a4dd3dabdb

SHA1
daa9cb68b897a5643d6655bc63cfa7a503550026

SHA256
79203d50a32bb65bd48e4d2dbbe053fb04fc49b9807b9054a9b7a848328372f6

SHA512
16943536c5586ef5148f185f6ec5dfc73973e69b1780feb97efdef8b1c24b59bae1c6bcf214434890c60771b1f8ce469af40308fa5eace533709be9753f34e3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\prefs-1.js

Filesize
6KB

MD5
bd380af01b41df0946eaab56de952ae5

SHA1
d1dbd58c8c4a90d36b43ae966c1e29be3bdca3a4

SHA256
7c7c9df76a1f691037109e0ae878e80317f1acc7b3fd1b652d6660b4f6ff7ed1

SHA512
51c31b76e1b8ce0146c4e2802ebde4a6a4c140d453e78ae7c653ef2e0f9eed489dffec404951b5fbe50e862d340b2724b512c7efb2c533c66fa206180869904f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\prefs-1.js

Filesize
6KB

MD5
0e6d69826cd6ab2da9a9f6bf8779779e

SHA1
c16867c6c0317a1a3842a7d504f7f980f605925e

SHA256
4b0632ca4299353dac7405e1380c384464fc7269c77d6778c52342699df16721

SHA512
d133b2d312667c334102a456398449c5195a0184c8228a62a876d1e733847288f587ae3bf6fc2be30da9c61ba976f6a363c63c0f7d7f13874807806d7f9af145

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\prefs-1.js

Filesize
7KB

MD5
cf655d947933eeedd00fe07e6c0f2bdf

SHA1
747576f957567b5aa6e169802b7a2321727111a0

SHA256
c641dd80eb940d5c174b521ac5e21a1a8f0bf5b3853473f41f34de08ad1b6745

SHA512
aabf2daaa57b55b9c4ce982ee2b84f7ecb34ba2e4126ec4e23da11fb686b7296fa8e543cc892f81ecc8660ebac4a3522c1e083aedf52ab455905c57db670593e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\prefs-1.js

Filesize
6KB

MD5
45c6628c359ceae7838ddc7e72ad4fb3

SHA1
b98065547640909bd25997268f0085961a04fc25

SHA256
a6a05c8cf84b35df5fc16595f78b5a25a24b5a130bf8776fab83df7bf89a1cfd

SHA512
7417850b107a42392ba4a7783819d4093ec6d4ffc3e2734a1dc33c5a234253b5b0df66fdde057075dcb0d42642b055c04304a5d58f07af789b8f993b12b45920

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
48da07b783e931dbf3b1e93036b613b0

SHA1
9e206fe09cd4ce2b004cd8f22296d141b8a79795

SHA256
992f42834284936dfcca5fffa840b84fead300e75eb1b4b81a72d67d3ea100a9

SHA512
e912fa149812325e1d0c0c7e1342d33d364aed2c4243a12624f89310209ab6c5edd1e749e19ef694cfb498cabce95304741284fb15fa06bd5c5e79481c08c639

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
41763fbfd4fba1858b3a56464eaeb244

SHA1
d98c3700e3431922ead1a5cccf752c845dded89d

SHA256
b9deabeae68f69766c9cee7c2ffab135e3812b284ccbfbe9063ea8166b4f4c3c

SHA512
6e082ef8159d0e0ea66aaabd862ed06d1182e3e634c659532c50de6a4779df9315e2f9d37f3d8bb30350804ac7ca57f6d99362bfcb2493a4ba78552daadd056f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
0a79e5a82abb0f6d9289fc538a41da3a

SHA1
1d7b1172cde45366ee2e82ebbe46fcaf6cf608ce

SHA256
63d94394ea7c3287d6258f0e3b06cac4623f59721e203f31b4d9289c0a5f19d0

SHA512
c4e39de1db6c609ca5a4b640ce6c5d8de05fe929e4b023993fc5378cb264ea7e3d66b1da6a59f000e35f301658f74b961882b1bb80f5b757e405313acf0bae40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
78064ea28f39db522798c6f2104f7db7

SHA1
3956bc334f6288c2a2c514bc61ceab44b800bf24

SHA256
8cab1212d972d62630fde97959a3053319cd359205f33db2b2f1d49f42d53746

SHA512
d242900537396a10a1b441b76141508fee9eea4eb3193eed856b62b048577fc5d596b3c184325e1da7c7b9497a17a2143ae5f90e9bfcda109d88cf674b5f8e2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
a77f2dd1a3ce406928ad8439e9833ed6

SHA1
732c49de13f7a433533f10baa3639a62e3ea68ad

SHA256
13a446c2e54cb310e009c2fe6cedb02d75588494f961d8723813e40601e48775

SHA512
ce422356b2b0787dd346b9ea32796daf2042a2c69aabe640cc5c2fc5b9dd77ae9660501ddee7e8e35047f12b1645ccec81fc3adfbe56491e4139a2e3c8cf124f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
9946ff4b2789324204006e93273e9116

SHA1
81792affe2d59cd38c6f4473bcfa84f9bb6b210a

SHA256
c3b8af0eb8f41bd590187a1e5804364b84579371c345b4ca92459182b9241cf5

SHA512
93ff04f67fc74a65ee72c4b035c7fb3b6bbcae88684e366ba1b4794a4a540348640c492b2a2dbab55e9be16e6c8d0ca67c73ed8a9c534494d191497c48b1e23c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
b1b058325bcb150363648e438f920c58

SHA1
3175cc1663a8e3048e44ef0743eda2e550fc223e

SHA256
5f64df7f455aa270901bbb00fe46b2b733f9a1ed3c2253209fc5f3c1badf0149

SHA512
87cd17f12429dba4466f799868f15b5c7a944e93a356f8771f218d5b027898b2d6905034caf8dde753dbc2ffe2e9de930fc6d6753b40d1f7de9814cd1069e201

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\sessionstore.jsonlz4

Filesize
6KB

MD5
f18163b42fd0524402af6c693e7a41b8

SHA1
e4095148afcc8d194647a0565382fedf7bfe56fd

SHA256
e418e134190f899ebf9f8caa280f38b2c2473741d3a531c182e7556dca82417f

SHA512
2e74ba54f890111278c6b686233e830786e9590db014040e1084667c1f448612b1d87301ef29a8816d58a7c23804f7491e29b03a3bad6c6076996820a85b2085

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
117366a00cb64c3dcf6922ee168fef5c

SHA1
b5bb9203adebb3dd7fadd7c57da9e2cde2f44d46

SHA256
eb7e156b250a574fa9ac2a94250a9b4657316592b3a9e554e66977151ca2eb89

SHA512
71089912d84f861e924003bfb0e873b4aea6222f45fbad2bf82cd0957cbc613d05f4c6dcf037c4cd06959f092eeb8223b21c92e16ef20032dc0ce66c280b5914

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\broadcast-listeners.json

Filesize
209B

MD5
97c3738563a9448365a735f5f29ed3d5

SHA1
15a81433236ca6e6ecc4e1c8d0fdb8523b265c57

SHA256
63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24

SHA512
ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
26KB

MD5
c88779f40a2404e6052ae9d5f47292f1

SHA1
b592948643c527ee81d3516c9b8992561f641a12

SHA256
8aab8b54b50c7dfda59ff1e2944769a9d4d14b619723dd9d7ba6a692a31dc45b

SHA512
e85ff7c64283aff7623215944df0c9775b412ceeb4cdc65e6d6ee4ce936b084dae7b1a1e5c5bcffedcd1c4956b0740a7e0ed8d77f823342f6e07d8a3c2605f9f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
432KB

MD5
c6e3fb29a195e999b6398731d903e2d9

SHA1
ffb7a9f0034b854ed3c9ad875c9e72464066da36

SHA256
37b71b2285ba0ae96b05bf28197e0cb84f727b0267d31185a75c443dfd963447

SHA512
c70d6bc6e642a83e22d4a3f72331c574cf222f68113c21042d24f776c252e2b118a0b97a15cc9c8cd237c46681a20c9dc28a2a8e5271d15f67c3ec4c1876c359

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
3dd9f0608bd3a486caea0a9f1ffcfd42

SHA1
abeae587f6b77f18e1fc13b5820e0260e13bc759

SHA256
39b79866c1105c5398a0b14e3944e544f39df9c6092b9f6005ce67c421672a24

SHA512
9738ccc694c5cac86cd1792faf735d1253433c70981107fe2dcf459546d83b40216e098a927f87b69aac6f3363744988eb1e7f65c612e67208bb8d8922b90056

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
08cdc177cd0a7e4a16f664c5fc834b4e

SHA1
545dca457e7ece90650d9d28c4b238d51919588b

SHA256
bcaf28ca5b59c212b8c126e204b1be105c6346b50581db6ca6d1a55a2f345cf5

SHA512
92556e5bb32a146290905f25ab74788c5a21fe277c37d3264abea4024eec46f4066375b4f37e96edf20a62b38e00cb02e998da0075b53d6d37db17f0b06d556e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
a6b1289ab169c709a81da84bcb5f2e4f

SHA1
d56ff50e4ba7b765010a5a60be68d766659fb7d8

SHA256
d46146843556a8fee92ba112ed1df9a830f909abe28a7ea1b3a56adda751d540

SHA512
930c87c60010f607ccdd110c99a8f84463104f2a19f8f43b65649eb303877c1bc8d219fe6b4bcfef9736a7f273d705ef752e39cb00d49c27bbb306b9667df465

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
cd8617668e20148ad749b50854459da7

SHA1
4ee056696c10191b3f0b4a0fdef592f7f6942dc6

SHA256
7fbea60b4a6a885292b4efceb87aa9e2b054ea520e0c6b7739b58b5652d4e0c6

SHA512
d3ab81b4861dc38f77d470886733769710037ed826e3ae65bb4ebe3d572ca2f1a06bd450d1b0055359104a6f60c6c9289a700719d624ea07d822a20a1bf08684

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
667346edd0621ca51a4fa2febd031cbc

SHA1
64d2df3af3eb5d748545572ffcccd3b76345b281

SHA256
5d9401d486e79ef374f7fb3b45ee8ce4826f67fb5a261e406bf991bb3cc343be

SHA512
d0cdfb5810639c059a53f86fe2c6b37f9268889a1caeef3d445b4d37a9349d4f94d0088ce8c3344ab1412bf8443d505270094abf925bce77a8144317391ced05

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
5f6f563cb80f01e427af23fe3d89d6b0

SHA1
a3fe33b0eb2328fb9083f39df830ec7bbee8e322

SHA256
ee96fbfe688038cf5f0da1ff5fc0d52f33739642323513dfcbcbcdceaa7b825f

SHA512
5f29e90480f90f15491cabae1de85d1ab1525c23470faffb14fe89388175f020a83d5ec8420acfe3a032217a987a963b4eb91df8fc0316e73425522d6395795c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

Filesize
181B

MD5
2d87ba02e79c11351c1d478b06ca9b29

SHA1
4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1

SHA256
16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524

SHA512
be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

Filesize
241B

MD5
48fcad918c62db97e9af1dba1d131473

SHA1
d89381594d3241b0e645033f67572a5d8c166764

SHA256
dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c

SHA512
2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
160KB

MD5
1282477b610106d8272baf163767ce2a

SHA1
af83e2aa6a695cc34fffa310dbe0c5b17f621a4d

SHA256
d35d66c3bc668d0081cac841193c980f907fde2a70aee4fd2aa7b3d2e7dee0dc

SHA512
5856a5701c18df0e256b18b957e5a1f77c978b75a8281c3967005ce7dd9622b63f046c70e6ebf01fc907119ff426ff489f9a7b75828865fba18aa7d34aee68b6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

Filesize
138B

MD5
d6e183ed0355f1fd2aed70fec95464cb

SHA1
e83f748d2bb157a5dca5ff60edaa0eab21d7782c

SHA256
53be60dec702812345f58f2611d6dc27b8c520be460e3c8f06a456c1eaae1744

SHA512
8c6d2d6b45a71fe6963177aea0d9c5831343f81acd23d039849aebe204d82488714844d4669db4e8fc13f6b64e1d6aa12dffc393dc124f320e4fea6d241b56c5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
1.9MB

MD5
3d6d90df0eda946ec0ee82a7796b892e

SHA1
d270f6f23ba8fa35b2b2a0d79e075b60bb475b95

SHA256
7345c2207b6d5f1b7aeba7fc7a2092ac7454db74fe6bcf2b9d1c72b72edfb145

SHA512
fe5db1e0b2a1d430f955ec7f8b21529024824f192673227dab11a35772e27297649217de53f6ba92a2cec0d6270cf815cdc197b397a6323da585f77e284bebdb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
5.1MB

MD5
db6c3de35b43e1301bdf1577f682bbc1

SHA1
cea5aef5453a9c57ba93af29e864646add0664f7

SHA256
1f3792a0b2cc92d2c2494567aa35226e816289265a4de0bc9b1b06ab66033d2c

SHA512
5e6957974a1899fc256f75aa1e69c20c512a23ce2061abab1dc90a3a25af87582e95db2f5ec0ea42315d77dff25b02bbeac1485c3a5a20d929bf7257fef574ce

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
990KB

MD5
efc0a34d5d17f88f4106f2c2a292968e

SHA1
821b7d1f01f0061506820fdbe623a7447924a692

SHA256
ce43b1b06451f2a177de644edea2ffcf203f322e5142aa7a6fb90288dbc7b01d

SHA512
340316cb395867d30b68a1f445f496292f744117381f56bd180a1e7014fd433eef5c2e9c3b76cf876483b0c33a60fde6a3a79da9d8a3a106db5e4993af139e4b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
1.5MB

MD5
8f6dd8019e80b75a8da11aab2e58739c

SHA1
850aca6762ecace9c0f64d0a97ed409b3133893f

SHA256
93810de261700dbc376c6599922928721b9c87a17a08c6c271871fefcf34ac80

SHA512
70d14f590f44105e4b390ab38641878305b7d4187af4c99a739d5caf19758803889bb132089e31f9054524fcaffc59f6d3206533b546f797249aaf88c275af6a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
297B

MD5
793eae5fb25086c0e169081b6034a053

SHA1
3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

SHA256
14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

SHA512
5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
225KB

MD5
27dfbbe8ee4015763e3c51d73474e94a

SHA1
4328cdc9a3f9c6b7df0624c81afbd3459f213e40

SHA256
b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e

SHA512
42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

Filesize
288KB

MD5
5bac81b707ffc455d9e457913c0b9bb5

SHA1
d414550bbba8c4f60f9507b089f97c6a44dcb112

SHA256
3cbf6cadcd7b762b0ded44cb5539b72c54fd1a4bd0084a9a59698c3d37bc89ae

SHA512
8a5e0a111d15ed6afb29878d6808a5eab0b2ed56cfdf4d1a31267e5c8874615812cc79defbab1150bce40bde36b94844dc2654d08d19b57548fcb25dd7a6a547

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

Filesize
91KB

MD5
ac01114123630edca1bd86dc859c65e7

SHA1
f7e68b5f5e52814121077d40a845a90214b29d41

SHA256
1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

SHA512
1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
1.5MB

MD5
a378ff0db69e3231f27da0bc49ec7c6d

SHA1
c6a73c3bd412916656b8ee446c09daace30b2604

SHA256
330b87622c2055da47083fd98723027500d06e284c919c7bfcc3f50d51302f24

SHA512
fc29991b15b1ef335e08abb44cc7858a43ecc2050db8b9f87f7df184dbc283d4582426fa29a0e11552c0abc2ea8395a34d13b901366ff40a069de80b2ab951e6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
1.3MB

MD5
449f5c10d2c0cffd5e1f11135d04a2c1

SHA1
6146f8ce2f2e0dd8f216bc4842b755873ecbd43b

SHA256
c1ba717cbcd9a423265972343610697885e38097a5d156dd12af0b9aace3dc42

SHA512
5ec5e11561cb6c6d141e315d1b096bd924e834a764a8b6dcb98316f1fccfc83dc4f5eacf6014003beeda53d7738bc88e781b83027b1b97bb396a37a64defca57

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
1.2MB

MD5
e9d357fd55da1e79b33ba01f12b9a018

SHA1
fba9f7b22bcfeba27193f3b786c80b1a26b0ed08

SHA256
598a5a49ea5fcc3daf871640fde3b7aa68e5080eb677e0a77e6c3aa5fe8056b0

SHA512
1d60b1e48ac4784930c2360700b7faa3e88045ee3f0ec1076b37c4b35ee436c79aefbc4ea5094b6049fafbc7b0b874a934fe6097f4a2b2e7c26a74addc31c3bf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
710B

MD5
4ea99c8105a5b3459db4d470cfec9ded

SHA1
ded7321c605d075df36794da1c3a392f4befc31b

SHA256
ee2d7b7538adc4b52c303e1e9773d504980a80da62bb6cb70c3194d1cd570152

SHA512
e13f5ddffff1b3dcd8549be2b0f7d02d223bee4fa8a50961f4ae9bc93f492afebe597296ba7d1cc42682b36d384520061721c47fc85e4119b9e63642a7d4d35f

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\Downloads\000.a5RBPiCD.zip.part

Filesize
119KB

MD5
f5d73448dbe1ec4f9a8ec187f216d9e5

SHA1
6f76561bd09833c75ae8f0035dcb2bc87709e2e5

SHA256
d66c4c08833f9e8af486af44f879a0a5fb3113110874cc04bd53ee6351c92064

SHA512
edbdc1d3df9094c4e7c962f479bb06cdc23555641eeb816b17a8a5d3f4d98f4d1d10299fd2f9152d30e3fa9e5b12c881fd524e75612e934b287109492ee1520b

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
2.1MB

MD5
443318e8439e75f8a90c64c63072304e

SHA1
9c3c743dee17726d408fbfc6a5ce61a38d48602e

SHA256
7efa464604776d1815e8f88a3cd0c3ecb54206155fda8e6dc643fcbe0a616efb

SHA512
47b913eb68b26239c7ce548867e113d2cf4d12cf0a8f30e7c518610e7267c7057dc834a9022c835f7297824ef326f34a76cda5b235dcf86552d257a05f2883b1

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
1.9MB

MD5
b60a5556f4a7cbb8998e41067b8581bd

SHA1
8c3d9da536d01c6d59467663f4d67bef9f2f8c6a

SHA256
74322a993ece52ca1b26537ef98e5cc80407f4db501f87d3e54887aa8347b93f

SHA512
7783048b43be5a5b99a41e336b696a1c250279e709f063fa801feefe8cf07a69f17ff5233eac3aa60f737153e3ee0f00bfafdb005a90be984b01a9f765282e03

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.XFr0KZfD.0.10.exe.part

Filesize
7KB

MD5
bfa3546cec9c2805af7bdde6affb1a71

SHA1
8851566a5e6214bbc8d9d3b42b252c6b2470b1b1

SHA256
0dce66a77afd90a7fc3f3a986037974d42cb1d1d21f6691b93780a3ce3f03f15

SHA512
2a85fedb66246bf4656a34a2e842acd8eb4520a3fd2d7be5d79666b5feef15c85278f0ff8fd9d1a4d819544b5754cb935b97b46bada6a5cda1f9e03111cdc884

Download Submit
\Users\Admin\AppData\Local\Temp\nsz7429.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
\Users\Admin\AppData\Local\Temp\nsz7429.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
\Users\Admin\AppData\Local\Temp\nsz7429.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
15ff36f3e045f98652c3909d99de57ab

SHA1
1df6b4e970451227269e09be8c67067bc8a6d7db

SHA256
d5a7aec0caef36f3e1726b7e91bad676e227ecd1aa6750ad4aef34c9411985ac

SHA512
2081aa0459ba3ea01123b5d3f760fa3198e677c914aa9c648716e667d21338e63a918c065f11c2a10b8c3adb273693825b3b878207bcf39c68c6e7de909eaf2c

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
724KB

MD5
c5ddf91e57bea8fe75168f736954c8b7

SHA1
b612dfd322f0e1c7ff2474fc090789ee7c594b74

SHA256
1767b4bc7d921768bb9c4b84dec95ad30bd3f7e85b63bff974fdf6ed9f4b4368

SHA512
d68ec031d5b6e06c38929219b1c551c574c491d719245d0b526178a5c0fca532dee78ea774f3b07bab24353187c57e98723946505495053d2ee425ba092d0dcd

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
739KB

MD5
a7bb52e6d3547f7b03c86f95b10457e3

SHA1
d277c5a9f171b4656c6d89ac72de9d86218838cb

SHA256
dd781deeedfabcd65e1a798aff94b0025737c62702c519e5c2a7123d07b8f148

SHA512
1e18f5773155adbb4a4233dd90d8af9c50e9b41f8265eb5711cce80f06580b11fb3b2c7c6f7eb3469f72753c2c0c01944cfa2b70b712e1dd994abc85e95c395d

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
845KB

MD5
c132f57b084ba6884074f5003e7e8983

SHA1
ab6c8edefc958a926ec2ef56cfd730eadb55e848

SHA256
08969e86b3e0d86bf401c41619d2611f2f28fe3be976b92ea81c401d1ab6140e

SHA512
94fae4f844f2a53905b92d134db2a8d7b25844a87911521c15ace00476b4de468864d97df412e3232b3cdeafa5fcda5358b637796258fc1b62ac04f12c96d700

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.6MB

MD5
5a8b2b63abe7cf73b7476649c32126a2

SHA1
3a133c39114f55a2fb2142d0d6b216bbf806e2fe

SHA256
911e1b5243e22c9b867f339d5ccdca3632540efaed1a9775ce40c56c93a790f1

SHA512
750952d30593f1c8ef3ac0a8a734fd2af6e839f7ba7cc5bed50b60606a59d3bed462f174225038fef1b6213576902ca035e5a1b11c99b62e526cdb0ce2c0eb4f

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.3MB

MD5
0728765c4fe7b69c0138d406eaca512f

SHA1
4903206e21fe77a19cf1f069b417531ed1b5980a

SHA256
2ac099525766f385d41ff8715a192d1e0a312108b02ec6ffff4d99549a5c9568

SHA512
6c95ad88a2a8c4a2711d0719146ba5d58d5c18dd3c4b0b645504f480d8d6aebba3cf57309d48d370abcc019abe2c236abfa81e636cb1d743593080e441755d55

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
686KB

MD5
2e560ee1e527f6d9fa5ff99fcaf6bc45

SHA1
196ccc4a39ca2fc83a08146c1b3a2d295dec7582

SHA256
0c599d537b7180546494b317f61a80001462933896ecfd4058a0268c576183a7

SHA512
bb7a36bd93a6528759b56488f7d904c3a3d43993aa9f5c2b213636ce76729522dbede1af898d6186c2778af312473a5c54ea50a316e8b0ab11b2e9a477e8950b

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
10e5c7ebb10d59afe3e19e2b35743649

SHA1
79cf3b27b50881e689453c5ab90038022d3f15aa

SHA256
b17c7c7b2493535f60d21fcfa5993dd964045efd0b99329444cc5fe773a6dde7

SHA512
d8dd494070b1f352ac028d33f547bb5768b3858581e476cac38b378cba4d5720f4548ccd1e2cb79657cac68148d5b00f8c1adf9608f015b728dec0ce34d07f44

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.1MB

MD5
3858ba9548dadeebd37927176b19bc37

SHA1
41076a34cd689027218f5e83b1a814fc6b8bd331

SHA256
d25a7315102b22719a37d197ef41b126bacda34e8e6a99255d4081c1875b4833

SHA512
08093503bc0c47bcd1cb3fe4741669b6ce5fb558d5e932dd160bcf8e11238fd6d5a53fcaacf124bf9b6f061a9aad63708848204581117dad20b7eab006e44ea8

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
980KB

MD5
75f9e6c0c7cc3c213fcd266809d573a4

SHA1
40847c68c655ed5accd24dd5f3b5cda4d88152a9

SHA256
4b18c4fcf9150ccb64538e344b94dd7434c596bc583f77156b6932fe1c661cce

SHA512
d0e2f17ad34e1ebdceed3ee224103c363f779447a156d63d37b19d4908589f7924f970439382e37558562767d2562c6f2244b4010f1964a4ed68e50293617762

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
4d0887daeff8ab3105e737d8aa3ea8d7

SHA1
ea9a8c004b460d56dc6368a99bde6175e4bed127

SHA256
eded7914f589bc87fc5d07ae93585b2f4a86b6497627b8669bc71453712e243c

SHA512
b4425c08eb318b3777b6c9cb55a08708ed64d4b0c941dfbd8d0b16f9dad6a4cc13aa93598f45e88f193f24c2380bf404f601eafa80186356ccb8e650f54b70ed

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
1.4MB

MD5
8ef13f10896ea5e8f03b9d97bab77df5

SHA1
d0edf2ab004fc86311e9c87556be8e88bbd86818

SHA256
b69c9749ea01b4184afac63748e6800126b6a091725127480deedebc53e53e0c

SHA512
db8b42f3b4dee71ff2de1771fc4172ad7ede14f54010cf4cb0d931de752b8b8b0f5694408ab78ef38d5278bff1129b3f39e5fb425985c6376715843b8ec3ee89

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
9c522f421ba29aab39387be00e6b1821

SHA1
9cbd7e0d2abf522f96511e7b486fc77166aa23de

SHA256
06fbb5db6c36ac5f33a6b4112b19658f2b023ae146acd24871cd289775abb317

SHA512
f0282b9182467f6dfa797c214827b38a79eb44808dd1bcafdd1cf6c281df8235fc8a916ed011f66e5afd6c219f72ac55737af7d6c860e2447865e5aa92197b40

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
659c23a5336723d7cc71b9033f3e4110

SHA1
f746bf5c7f23b9a19a58a4d72730b17aa4243c6d

SHA256
e32b8b871ef67b5fd8b27b7300cbd715b82b55cda434ed234d3c45a89c6fa1ea

SHA512
85b75937405fe4c57a979e2bbe4193c7795380c7b9cec47cfd9df8756d976199aab2c175d6fc86c168469912e2a304140906acce21ff04d92c6fe43094eac11e

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
1.8MB

MD5
3905679d632294f48609f0edf1ce1011

SHA1
f4d10c899e605d84b4fecfc91c045bbd21f7f352

SHA256
0d9d09c7328fa5200c95c7c1c8c583ab05ce841e83c21ea138ea7ecd38bc3e62

SHA512
921bc01a9e91cc008787a5dfefba33a8a5d8a6f17d51766e41aa260883a1322cb95ac6fcc60356f12062d913f7714060a84cc376c9ec7a516b4c6b123ae23764

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
3.0MB

MD5
612eeb19e880a894550c0c371e571fd8

SHA1
9cb79dc90f842aa7c66ece56e203e5f69860c1d9

SHA256
1056fa3ff659d8799b2d71ac0919bc443199c7e0cdf33c9a2cf2a813d217823e

SHA512
fbaa1113616d5789bfd996335b2aa42943bac398216558068d3f7506e591ff6b1e72071f5f35b85e6ec8c9bed21750125f71c092b91601d0f5e280d1f0820e7c

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
3.1MB

MD5
569c5f358a107b37c5cf422cfb4396b2

SHA1
76a14b9e02fdc25babb01658fbb817146e9278bf

SHA256
9a204158faf12a89cbca59afc8266564b6c7e53ed45e6eb0c0858c07f1ba402a

SHA512
2ba0cf382c78845f28b21caa33c028f4b8ab69b5100ebb0d58496f591e76f863f4a44289ca69ccc2e53ac705dc7ac8950718a3b683d557475ec78031678eda4e

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
3.6MB

MD5
968871663f2d50b3d82f335d0be89b5a

SHA1
9d7c16da207656b601158a023322b90a2fca8526

SHA256
442b1a18d12d4eca792eb4b2fa050a1d88d05b829ff4b44fb2f9b253cd20b717

SHA512
417848da0632400763ad4200efd886528caefa12007ef71cef4915b0293c9d6caf4b604cb25ee138ae1ab0b18fe17c8d916424f4f24ecd2eaa6f73502ec1fb41

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
3.3MB

MD5
b7d33cf83502da045b9a721aabfec7fd

SHA1
84d3df7048d65cacb8e3d920b5981879c8c20048

SHA256
c8c8c008cb67df960b64215938e6b5f846704d1ddee54dcf9463a8df9edd640e

SHA512
565a418717648f8e3e16c4d7a87dc6c00ca1d5b3070bf9341e82e30574844c6d96bf9f491b53e48cd483bdedc1bbaf1c336564218ddc0370a73875755d921e0e

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
3.6MB

MD5
d1f743aa98b27204ff6dc39a1f115795

SHA1
7ad36466097518d6410a88beaea065f10672de29

SHA256
0bcbb048de16d2407333b988f7a838cf6fc958456c9407c4361983f2ffc4fbce

SHA512
05412c71c1cc8c37014f3d0d0b2241f84c8b2fadb9eb5f634899166a2c25833a92e5d0a021f942eded9011e505884d82d242bdec3095c5e6d963e347f8c358d4

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
4.0MB

MD5
fbe86f128f5bfd84d74328cad43a98be

SHA1
4c56511c5f65b1018dcba0269c1598e2c7ad4bae

SHA256
bf287e664fb79777ca092c357694fee057389d36def333f48a1563f2b78771bd

SHA512
6ae1f9ea5b6b4ae37a36fb7bf6dbe28b935a18413ebcd199e283c3ee1ee2fc9a5e1b3c05244b876f894b7a5d2180ac65e957741024fac2eab8065f0373cfb6ef

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
5.7MB

MD5
ce3652d9938a51771548fb06e3daf30e

SHA1
06f08097b82ead36d5b20ef337dee9b9b5297f69

SHA256
34bf19c35ef5ba235467e595c6cbafbf9e802afdd15406f08d54c145ae09b6b4

SHA512
abcc174e657871246bfcb2c8cdc9afa16da78c053f9e04ba0154d5b07303436b3ce08361d8b7d396b07c32a34e54641ce9e7b34f67e1872e6f6394ecf21e1fbd

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
5.7MB

MD5
a4cdd11310ffa84e6219f8222afb684a

SHA1
58da4425c162607610b7f100b40e751511ca22e4

SHA256
08922e7bbf4e16bef18a9c727776308e72bf40c3e97050122cb30b575f097acd

SHA512
8c093e0e1bc53a03a0acb52f5bacfbd16570d77da901283761fc7808b5af45ad320f86e2570a79a462744c6793b73530f4794cb62580d5da20f816823fb74575

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
4.5MB

MD5
edfd4c077fc7a29a5cec2067ddb56776

SHA1
b073b314cd950cd63989d613b2c0f975b1d4cd79

SHA256
a7490e0eb40a3bb1c90d3ab1cae93518abcc69465e3592cc2d84fd9e196f5aa2

SHA512
856020e3037f34c3dc9f6056b161eadc70fe782ed6149d0ad398469988506dd1b643fe1fb2074bcf195f729efe03745bbe89dd8190a8bc6198b3449fcf5ad25d

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
4.3MB

MD5
ec2674de8d53a677ca902e5e45750677

SHA1
85c5efc7ca6a7a1fd7fc389ed5c0004a7e2f3be1

SHA256
a87994287d8dc8e325ffa6fc401f4a3a15962d1d86bc098db4d6f54a12e4d37d

SHA512
81cd4a66d2233dc8bff02bba5d295b597b727c71ffbd87e17eced3d5920ef307560ea2c5f05d641b39be46654024e1f9178fde4a8531a33d45f7b5451e675a65

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
1.4MB

MD5
3bf3d616990eb0ec5de32e3e00c12e5e

SHA1
ba4959aa291932ca97d835e1fff93d08dafb87d3

SHA256
60689a603c110d63575c7db428592556a91d8bf70bac2cbfc473683a4f22831c

SHA512
ec5c26188fb1424a8ee490440f72f75cbcb23152f1c3d4730c4b6e897b2c6d56806ac0598c45fd38ba2ce3c4608301f32b70a3c61b78ba5e91bd6649e2850184

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
1.2MB

MD5
335c0cc40c2cebdb06504352dd9b3bcb

SHA1
3bfae6e408fa126e51a04d951e5278baef4b7d7b

SHA256
282fd97a064e02024148b8915a258918c58027cbb93eae192a11466904838b4a

SHA512
34ba52020a50b8674500ab3c3f0561ae3957fbd109950bac51ebf601cc1a7f51c5fc596c1a9326bfcfad64c0313f0193696fca4c591424d2b5cf0144fa56998a

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
960KB

MD5
4b115f72b6daf0c37b01185f4b8c4f46

SHA1
5c31df15c392bb2dcf64dfd37e5f150b4a3ae50d

SHA256
015e340ec345f17e301d51ce0ace549004cb6d666b2a66c8e8b1b7632d755cd6

SHA512
78f1863b64f1815c72c16e19cbc7a4c4961fb86918490fe9e3d4ff1dccbc0ce30d5b683431c43e5f3ee858e01da0f5b3a73e13403022991e811ea4e0bc69d6aa

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
1.3MB

MD5
b3ca4401db2540d7de29912f74112472

SHA1
ee19b735cc3c9454a59597c51bee6275f3ee2592

SHA256
90976fa1bb0d45b4f9e640a75b0e52e3b2819ac512a61a9c6bc86a69bf21cf31

SHA512
27708f0185faacb0b1d8f40974eb962c3ae6ddc663a8bef1241c44cd8ed4a3a621cb1c9a11d70af9d75aff42efc555d5fe1a32c368939261b2684328bdcf8e6d

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

Filesize
1.7MB

MD5
f20d143e28f8180eb3c4bc3b7e743e4b

SHA1
2db1abf5c9334009b896aec0a77719fe8ebed168

SHA256
0fa1f6a9c59bc7982b8765bbc534ff5e5ad2ba1fb5228464395600224247af41

SHA512
a4e61fa91594cb8974fa676abfd0750597082a388583d4ab337a617a690e7385b3384149ffbded0174cc198970c6769d7b2abaf872cb0048353bd3e755e8d977

Download Submit
memory/1332-2084-0x000007FEB0520000-0x000007FEB052A000-memory.dmp

Filesize
40KB

Download
memory/1332-2085-0x000007FEF5150000-0x000007FEF5293000-memory.dmp

Filesize
1.3MB

Download
memory/1728-11-0x00000000027AB000-0x0000000002812000-memory.dmp

Filesize
412KB

Download
memory/1728-8-0x000007FEF5910000-0x000007FEF62AD000-memory.dmp

Filesize
9.6MB

Download
memory/1728-5-0x0000000002870000-0x0000000002878000-memory.dmp

Filesize
32KB

Download
memory/1728-6-0x000007FEF5910000-0x000007FEF62AD000-memory.dmp

Filesize
9.6MB

Download
memory/1728-12-0x000007FEF5910000-0x000007FEF62AD000-memory.dmp

Filesize
9.6MB

Download
memory/1728-9-0x00000000027A0000-0x0000000002820000-memory.dmp

Filesize
512KB

Download
memory/1728-4-0x000000001B400000-0x000000001B6E2000-memory.dmp

Filesize
2.9MB

Download
memory/1728-7-0x00000000027A0000-0x0000000002820000-memory.dmp

Filesize
512KB

Download
memory/1728-10-0x00000000027A4000-0x00000000027A7000-memory.dmp

Filesize
12KB

Download
memory/3160-3188-0x0000000000DB0000-0x0000000000DBA000-memory.dmp

Filesize
40KB

Download
memory/3160-3189-0x0000000000DB0000-0x0000000000DBA000-memory.dmp

Filesize
40KB

Download
memory/3160-4005-0x0000000004970000-0x0000000004975000-memory.dmp

Filesize
20KB

Download
memory/3160-4004-0x000000006B5D0000-0x000000006B8E2000-memory.dmp

Filesize
3.1MB

Download
memory/3160-4003-0x0000000000540000-0x000000000054A000-memory.dmp

Filesize
40KB

Download
memory/3160-4002-0x0000000000BB0000-0x0000000000BF0000-memory.dmp

Filesize
256KB

Download
memory/3160-3166-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/3160-3165-0x0000000000E80000-0x000000000152E000-memory.dmp

Filesize
6.7MB

Download
memory/3160-3167-0x0000000000BB0000-0x0000000000BF0000-memory.dmp

Filesize
256KB

Download
memory/3160-4001-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/3160-3179-0x0000000000540000-0x000000000054A000-memory.dmp

Filesize
40KB

Download
memory/3160-3181-0x0000000000BB0000-0x0000000000BF0000-memory.dmp

Filesize
256KB

Download
memory/3160-3180-0x0000000000540000-0x000000000054A000-memory.dmp

Filesize
40KB

Download
memory/3160-3196-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download
memory/3160-3187-0x000000006B5D0000-0x000000006B8E2000-memory.dmp

Filesize
3.1MB

Download
memory/3160-3195-0x0000000000E70000-0x0000000000E7A000-memory.dmp

Filesize
40KB

Download
memory/3160-3190-0x0000000000DB0000-0x0000000000DBA000-memory.dmp

Filesize
40KB

Download
memory/3160-3191-0x0000000000DB0000-0x0000000000DBA000-memory.dmp

Filesize
40KB

Download
memory/3160-3192-0x0000000000DB0000-0x0000000000DBA000-memory.dmp

Filesize
40KB

Download
memory/3208-1144-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3208-1057-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3208-926-0x000007FEF4C40000-0x000007FEF4C4F000-memory.dmp

Filesize
60KB

Download
memory/3208-925-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3412-4000-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/3432-1642-0x000007FECCE80000-0x000007FECCE8A000-memory.dmp

Filesize
40KB

Download
memory/3432-1466-0x000007FEF50F0000-0x000007FEF5233000-memory.dmp

Filesize
1.3MB

Download
memory/3432-1465-0x000007FECCE80000-0x000007FECCE8A000-memory.dmp

Filesize
40KB

Download
memory/3616-1321-0x000007FEF50F0000-0x000007FEF5233000-memory.dmp

Filesize
1.3MB

Download
memory/3616-1302-0x000007FF3F520000-0x000007FF3F52A000-memory.dmp

Filesize
40KB

Download
memory/4036-4006-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads