f7d05c0e9430ba0621020caad12fa1e8e62acb3bda349cd03240c1938ce7a887

Resubmissions

16-04-2024 09:10

240416-k5f2eseb24 8

15-04-2024 09:27

240415-le39psdd7y 10

Analysis

max time kernel
2699s
max time network
2694s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LockBit3.0 builder .rar
Size

158KB
MD5

438e994e567237cd837c7d1ab4cca381
SHA1

6d43e78e66f703a212a33a7fea46191267679fd3
SHA256

f7d05c0e9430ba0621020caad12fa1e8e62acb3bda349cd03240c1938ce7a887
SHA512

cae464209b30e92bb9ed78d5ddc6fe08a1b2aa89e8d70fa0e57a67dadf4c177e88d888ee3fc06351ad4abe54af749e3ae10671dd4953a6e896f1f7c26aaf5524
SSDEEP

3072:slWtN53dw/7+YMflx6m43+T0yw095ZtYxnBLF7rjT+154SIHg2afvX3Y6ZM:sG7tA+YQln43+T0gfivLF/jiXfv4N

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.0.13.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 15 IoCs

pid	Process
1580	tor-browser-windows-x86_64-portable-13.0.13.exe
4892	firefox.exe
1588	firefox.exe
4344	firefox.exe
4884	firefox.exe
1844	firefox.exe
1512	firefox.exe
940	tor.exe
4736	firefox.exe
1616	firefox.exe
380	firefox.exe
1580	firefox.exe
2960	firefox.exe
4400	firefox.exe
2956	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
1580	tor-browser-windows-x86_64-portable-13.0.13.exe
1580	tor-browser-windows-x86_64-portable-13.0.13.exe
1580	tor-browser-windows-x86_64-portable-13.0.13.exe
4892	firefox.exe
1588	firefox.exe
1588	firefox.exe
1588	firefox.exe
1588	firefox.exe
1588	firefox.exe
1588	firefox.exe
1588	firefox.exe
1588	firefox.exe
1588	firefox.exe
1588	firefox.exe
1588	firefox.exe
4344	firefox.exe
4884	firefox.exe
1844	firefox.exe
4884	firefox.exe
4884	firefox.exe
4884	firefox.exe
4884	firefox.exe
4884	firefox.exe
4884	firefox.exe
4884	firefox.exe
1844	firefox.exe
1844	firefox.exe
1844	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
1616	firefox.exe
1512	firefox.exe
1512	firefox.exe
1616	firefox.exe
1616	firefox.exe
1616	firefox.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe
4736	firefox.exe
4736	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
2960	firefox.exe
2960	firefox.exe
2960	firefox.exe
2960	firefox.exe
2960	firefox.exe
2960	firefox.exe
4400	firefox.exe
2956	firefox.exe
4400	firefox.exe
4400	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSerifLao-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File opened for modification	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage-sync-v2.sqlite-wal	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Docs\Licenses\Noto-CJK-Font.txt	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\browser\omni.ja	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansTifinaghSIL-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansWarangCiti-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\removed-files	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansGujarati-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansThaana-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File opened for modification	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json.tmp	firefox.exe
File opened for modification	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite-journal	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\libGLESv2.dll	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Docs\Licenses\NoScript.txt	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Docs\Licenses\Torbutton.txt	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansTifinaghHawad-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini	firefox.exe
File opened for modification	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite-shm	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Docs\Licenses\Noto-Fonts.txt	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansDevanagari-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansGurmukhi-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\lgpllibs.dll	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansEthiopic-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\parent.lock	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSerifNPHmong-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Tor\lock	tor.exe
File created	C:\Program Files\Tor Browser\Browser\omni.ja	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansElbasan-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansLimbu-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansLisu-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File opened for modification	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite	firefox.exe
File opened for modification	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\startupCache\urlCache-new.bin	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\mozavcodec.dll	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\precomplete	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Tor\tor.exe	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansWancho-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansTifinaghGhat-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4.tmp	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\AccessibleMarshal.dll	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\ipcclientcerts.dll	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\platform.ini	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\tbb_version.json	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansJavanese-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSerifEthiopic-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\mozavutil.dll	tor-browser-windows-x86_64-portable-13.0.13.exe
File opened for modification	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\formhistory.sqlite	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\firefox.VisualElementsManifest.xml	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansTelugu-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\broadcast-listeners.json.tmp	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Tor\geoip	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansKhojki-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansSaurashtra-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSerifKhojki-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json	firefox.exe
File opened for modification	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++2f234cf9-92e5-4bf8-858b-98e1b21df525^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shm	firefox.exe
File opened for modification	C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\broadcast-listeners.json	firefox.exe
File created	C:\Program Files\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\000_README.txt	tor-browser-windows-x86_64-portable-13.0.13.exe
File created	C:\Program Files\Tor Browser\Browser\fonts\NotoSansLao-Regular.ttf	tor-browser-windows-x86_64-portable-13.0.13.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577322889511074"	chrome.exe

Modifies registry class 60 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.0.13.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	tor-browser-windows-x86_64-portable-13.0.13.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000c9b34ce4cc8cda01becfe273d18cda017ca30bb6de8fda0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	tor-browser-windows-x86_64-portable-13.0.13.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	cmd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
2240	chrome.exe
2240	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1580	tor-browser-windows-x86_64-portable-13.0.13.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
1588	firefox.exe
3096	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2832	OpenWith.exe
4640	chrome.exe
1588	firefox.exe
4884	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 1196	3096	chrome.exe	99
PID 3096 wrote to memory of 1196	3096	chrome.exe	99
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 1688	3096	chrome.exe	100
PID 3096 wrote to memory of 888	3096	chrome.exe	101
PID 3096 wrote to memory of 888	3096	chrome.exe	101
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102
PID 3096 wrote to memory of 5112	3096	chrome.exe	102

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\LockBit3.0 builder .rar"
1⤵
- Modifies registry class
PID:760

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8840ab58,0x7ffc8840ab68,0x7ffc8840ab78
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:2
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5048 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4200 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2416 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5100 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4532 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5112 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5084 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5288 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5444 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5252 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4408 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3296 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.13.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.13.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1580
- - C:\Program Files\Tor Browser\Browser\firefox.exe
    "C:\Program Files\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4892
  - - C:\Program Files\Tor Browser\Browser\firefox.exe
      "C:\Program Files\Tor Browser\Browser\firefox.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Drops file in Program Files directory
      Checks processor information in registry
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Program Files\Tor Browser\Browser\firefox.exe
        
        "C:\Program Files\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.0.1646382163\146826934" -parentBuildID 20240322115718 -prefsHandle 2364 -prefMapHandle 2376 -prefsLen 19246 -prefMapSize 243612 -appDir "C:\Program Files\Tor Browser\Browser\browser" - {3f27b608-5383-4bc3-8832-179fb19f74a2} 1588 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1844
    - - C:\Program Files\Tor Browser\Browser\firefox.exe
        
        "C:\Program Files\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.1.1427365202\1395529101" -childID 1 -isForBrowser -prefsHandle 2876 -prefMapHandle 2892 -prefsLen 20081 -prefMapSize 243612 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Program Files\Tor Browser\Browser\browser" - {438dda3e-0951-44db-b32a-333450e8677c} 1588 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1512
    - - C:\Program Files\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Program Files\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:d6c927da3917340c60c2491fd04e9ac36e86f7126b1fbbffdadfe26acf +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 1588 DisableNetwork 1
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:940
    - - C:\Program Files\Tor Browser\Browser\firefox.exe
        
        "C:\Program Files\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.2.706801785\1181849884" -childID 2 -isForBrowser -prefsHandle 2640 -prefMapHandle 2904 -prefsLen 20895 -prefMapSize 243612 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Program Files\Tor Browser\Browser\browser" - {b68b1971-a68f-46a3-bcdc-576a333d7f2e} 1588 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4736
    - - C:\Program Files\Tor Browser\Browser\firefox.exe
        
        "C:\Program Files\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.3.879459450\779735747" -childID 3 -isForBrowser -prefsHandle 3364 -prefMapHandle 2872 -prefsLen 20972 -prefMapSize 243612 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Program Files\Tor Browser\Browser\browser" - {3f5fa325-3822-4480-934c-836083d4f047} 1588 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1616
    - - C:\Program Files\Tor Browser\Browser\firefox.exe
        
        "C:\Program Files\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.4.1898511884\420803811" -parentBuildID 20240322115718 -prefsHandle 2828 -prefMapHandle 2876 -prefsLen 22147 -prefMapSize 243612 -appDir "C:\Program Files\Tor Browser\Browser\browser" - {71cc3713-414e-4a29-bb27-afe3f75047bc} 1588 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1580
    - - C:\Program Files\Tor Browser\Browser\firefox.exe
        
        "C:\Program Files\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.5.500146256\1050769042" -childID 4 -isForBrowser -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 22396 -prefMapSize 243612 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Program Files\Tor Browser\Browser\browser" - {89e21f15-948e-4ea6-8f22-e6d6376b3222} 1588 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2960
    - - C:\Program Files\Tor Browser\Browser\firefox.exe
        
        "C:\Program Files\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.6.55133248\1198088010" -childID 5 -isForBrowser -prefsHandle 4312 -prefMapHandle 4316 -prefsLen 22396 -prefMapSize 243612 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Program Files\Tor Browser\Browser\browser" - {8178549a-e2a7-45c8-85f0-5557058f484b} 1588 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4400
    - - C:\Program Files\Tor Browser\Browser\firefox.exe
        
        "C:\Program Files\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.7.10946971\993036556" -childID 6 -isForBrowser -prefsHandle 4480 -prefMapHandle 4484 -prefsLen 22426 -prefMapSize 243612 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240322115718 -win32kLockedDown -appDir "C:\Program Files\Tor Browser\Browser\browser" - {652a7a8f-0bc1-4e12-bb90-672e345203f4} 1588 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=1144 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=2404 --field-trial-handle=1920,i,16792271448975876857,2684316707954116082,131072 /prefetch:1
  2⤵
  PID:3760

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4628

C:\Program Files\Tor Browser\Browser\firefox.exe
"C:\Program Files\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4344
- C:\Program Files\Tor Browser\Browser\firefox.exe
  "C:\Program Files\Tor Browser\Browser\firefox.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:4884
- - C:\Program Files\Tor Browser\Browser\firefox.exe
    "C:\Program Files\Tor Browser\Browser\firefox.exe" -contentproc --channel="4884.0.1428661329\897641600" -parentBuildID 20240322115718 -prefsHandle 1608 -prefMapHandle 1600 -prefsLen 18663 -prefMapSize 243432 -appDir "C:\Program Files\Tor Browser\Browser\browser" - {0cc51455-baae-4e48-b770-2d0ee7283646} 4884 gpu
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\bookmarks-2024-04-16_14_mAK3MSheMA6OwCJIHfKcxQ==.jsonlz4

Filesize
1KB

MD5
b232ba198f9b305e7eb9602278223d12

SHA1
a45de6f277923b68cc78e359649fb4448bed20a2

SHA256
60a30d98f6db4e4ad981ef133ad150a12f70f7f915c5ea2f56c73ef8b2b95068

SHA512
09e41c27a22dd3362d3dca7d094b0106b0351866ff2c24f6c86e422140fb2c68b12a40d57057f1576d67f11e53bc4cdbb2422f4bb861179197880bda9d0446d6

Download Submit
C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
9805e872ff1e401170f4c2a1c2b708a1

SHA1
a1c08307452c03cf48f7059894815d2d8081aa3e

SHA256
9a0e3e6a3586aa68208ac36363764c1dc7d86ff2256a05c6eb25555081e3cd0e

SHA512
f1602abfc8ace9e07db8f06992465cd27fa0516e025fe22ad7e6a2170cb1806bb50450c16e74a08494295255db08c2ae383f981c8b7f4399b25a1976b76aa92f

Download Submit
C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
161b9b7a9f1d655b6afaa11c4224fc64

SHA1
e9dd26e596a02aaa2dbebd396209827feb19fa40

SHA256
a8ca78e26451ba8cfc4ecd9d193cf5e70f78aa96f2279e8419859f61aa1cadd6

SHA512
d9a7fd8b28aab28a5b3b72b53be407b93f5d78d569caf4df94caa94ac56b09d343bc35f5d18e153aa666bd30d66f7516b1d60d812deb1dbc33dccde16413f793

Download Submit
C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
73b7ca4d2904c736449781f5ae840580

SHA1
8aff700bd40a5bccf41755e4e70776a6216b2e4d

SHA256
c05d1af2dd1a1ccea17187628f4fbc3dd7dff2b666497f1e224d02aa100b75ff

SHA512
4f8c877e4fc9f2da09e5e0f48191346786005c907463e4825b02764a7befe10e97cc203be9b63a00f5e4c10f28e3b9d5fb35247c7efe61a209d190725b2da639

Download Submit
C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
731B

MD5
b2c7aa1b43fbb4af9fc42e479bca63b9

SHA1
32f6566e1328d1af9f2e96a518c122a3e928eaf4

SHA256
b4b66bfb702d15bb97220b30a50210d32db8292274e0ec4489d0fedd252a5bf9

SHA512
3ed30e91af3dad57f93d938701c40c98e73cb282703e700d721206f0cd3b420892e69b038594f834b1e964cae40851905a2ace56d95c9cabfa590fc4846d6d3c

Download Submit
C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
a317c1c9f9e4abc82aa5dfd83cbafb26

SHA1
27cd83a7b8ef22dcafcdc56a61f81372cd6fab0b

SHA256
f40556edc77d3068bfd6b2a16ff9fad11fbc6e338233f9220b77c90b431060b3

SHA512
32262dbebd6ef765993ffd3f12ea95f9a7de7ec9dc62d9983359cb6f22bc95d47271c2b495265e39ae43ed11b646b6f86f6098be8487177abd680a6e7e4b5b5a

Download Submit
C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
64KB

MD5
e0572a8663d2c93b95dbc117bcd68e7f

SHA1
250fc4e46e2bcbb55d8288717a824ecea2b814dd

SHA256
6825a877f17daccc259522fdafc3e3ed6ed8f7a6d286b8323aba7f6e577da2fa

SHA512
2d7d131da583056c475264f6da8e1fea434e1fa2ebd703dfd002231fc945e8dd34334fa0cd3078f4b0c6097bc82a1beb09f59bd2b1b8cf30e82124e377c8bd67

Download Submit
C:\Program Files\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Program Files\Tor Browser\Browser\browser\omni.ja

Filesize
24.6MB

MD5
16d170e64de5b3be86b27e71d0ef29b1

SHA1
ae8dab7b6cf1a1a9d220a0a5a0632ef9609656ee

SHA256
8007da1e8cbcfe9cb268091e492b803d84ab886979d7ca6621184844236ef4d7

SHA512
cf2db696f3213376e3686d9cfa9756436debb84580fc25f811a6c56b55ccf7bfdb5444352b4cea7912dcb759b97536df3961b8e8e279546ee20b5c8b7d0da422

Download Submit
C:\Program Files\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Program Files\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Program Files\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Program Files\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
1902d5bf4e343cc5ef8a4ed19e62d05b

SHA1
05155bf02f09e0006bfc68500aa1b153cf97d445

SHA256
914299dd77f4322c99f62c37df1317ea3424d9a747d4635d10c1d3f003f6abd4

SHA512
402a252a79272c41a8a1a09cee236d184c83fa56e8d41fdb3c25d967440c4feb5f29adefce407434a4f203dc51c127f97c4f7a3825f2cbfa726b26be0b0bb094

Download Submit
C:\Program Files\Tor Browser\Browser\freebl3.dll

Filesize
690KB

MD5
55c08727f73be5114d5c1bee71d00313

SHA1
f3d6b0f4a210b33a2f47bb29d244e0dea4a73265

SHA256
fee95fd29d95781079568ccc5b8533aae48ad9cb7197d45597bf6fe44551d489

SHA512
29385935fbe28b67115942c768dd71f36b165fcb71030e1c953b3c60e206ec35346519e9d9eb860e9058f26bb2dde1e1efe47c6deebb5b8e8775b2791a664cf1

Download Submit
C:\Program Files\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
256030be9ef4d8e57fc8755ba8ae3fb3

SHA1
9e4f0dc7e9f327dc4d5e513b8f3badd000153971

SHA256
2a559be2d40d83ddd642198e11ba301fa47bcc934270f1f8228e212ba340b84b

SHA512
06913d9424e23d02ce4b75c6378e6b9ba5a405f30aaff8c3a3b51290ca0c3fefc1c498c22b0052faf98e61d94b66cfec7965952e2e0b5e085a5a2b9ce32c8e66

Download Submit
C:\Program Files\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
38e68e87a12a0d73a8e10822028a9840

SHA1
1f68836daa7e8c68c7908c0b49ce42f71f961201

SHA256
9bdfbeaa202debc1dbd835eae2c7c78f7c765de8acfa72bc13d73b0600b5c88e

SHA512
d5b1bd3fd8921fd0b9c3baa924e482b5c199e81f7ccbfcf3d9da19e9f249e4c42e3c6e052b24a9eab8ac296fabaf1bb7d69febb26f01be8b7f6ee68e32108f81

Download Submit
C:\Program Files\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
0419c3346cd76c4f5dd4c292d72c84b2

SHA1
0fee9363f7d180a6a9da292d6df4c4be32bea681

SHA256
2b4bf28acf3e0c54cc4f4d34dcde154fac1b88067c47b91ce0198ecd91963cba

SHA512
baa38dbba19cc4dd77a35a2152d2c88dda0aae90ada1cfa2f933d751ac970b27dc03e5b803d585476a3e9f8c6570f3ec4febc769d5c900797e9e9a749be0d72b

Download Submit
C:\Program Files\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
6cb8ab5c1991b638227b585948b0f9a9

SHA1
53cec0f986e465cc151eb36f3cae2bb6d64f00f0

SHA256
ee9e4b8e9b3d774d3b3cdd827ac4fb2d3e53a436fc49e8400d93dde60ed27696

SHA512
e167f3d5e23efd834886ba324394b6f2f87808bf8190c230ce6ecd133d92a0f93776ba7d1ed2b91d5e7a40911811c048c63f81b7148267c95794f4a063957a0b

Download Submit
C:\Program Files\Tor Browser\Browser\omni.ja

Filesize
17.5MB

MD5
fe21313200ed07129cc3f8be690c5a99

SHA1
7516c1fc9385bb8f29a0631282863766087fbdac

SHA256
ffd925c8a9d2eed5e520c0e0070d617f3c54f363f8a1cb01271e41475a270455

SHA512
b64e9192ab355f229d388496da0456523742a5954a30ba19d5464e4358ebc184434d57636b2d0878af55615aaa042da813700045f29cd47eb88c84a24ef0fcc9

Download Submit
C:\Program Files\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
bd06298b530ddf011047ac815be503b6

SHA1
e8de0241bd1db7f5e6d21612d264814efcfd84be

SHA256
0f52bdf017e9a578da73031cad6524bb0fbb19be3f312dcc56882b9093ebcc3d

SHA512
43bc1bcde6f34e8faf7417092c5d5a528448baffd76845ab45e777ffe298c996995278509ab32dde1775734b28ee205f9780320c216b3d938ce1868c6e9c476d

Download Submit
C:\Program Files\Tor Browser\Browser\xul.dll

Filesize
143.5MB

MD5
97aaf0b3b05140163629e17f6a64b93b

SHA1
1a860206b99d1b13178cdfeb5a4f3aa0528e9d90

SHA256
5d15aaa6f7e4f40074262c4515cddd25c4f208634fbf8902880f91ac70390d83

SHA512
04834b5d68c1cfde22076d3721e560ceff1108eb4d0f65bdcd84967737786faff096dcefd30dedcd108f3586345dd2b45372fc2e828e3aab1fe754f392a0db00

Download Submit
C:\Program Files\Tor Browser\Start Tor Browser.lnk

Filesize
1KB

MD5
29eb7377825a5362d7926d4ece14350d

SHA1
75674a9aa1dac6b8d114b63380cc4ccc1a4720f3

SHA256
2914bdaf8aa93855a59af64831692c83516b8e74a5f2da65bda442262d4e871c

SHA512
b8a4a1d0577a58508cfb17e62bba584d0879f4acfb31cbb26343c7ef550a12929fcc1994d2c01a8eca9c0effc9598e7cbaec891f468b71b398c74a92aebe201a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
67KB

MD5
be3d6c1fb59f941276a1d1be2488d009

SHA1
5a0520948fb6a03ffce6b3b89655cb83b2bb6a83

SHA256
2cb01be313a1de4b54987de1f1b9f61fc1635dabb90987264ca27ec7aef2af38

SHA512
4dbf02cddf13261ed41fa7318733836f30902d59c4878f3ce51bf09f3e117834650b692396498038c607944692eb08ff32af7869a58e63c935d7ea7358ed7f03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2c13688e3c3f8e83dc714e70e6af577a

SHA1
b1d882e82f01515099ef33ee022ac9a5a4da1342

SHA256
a8b0926a70258f6399fe4a107bdff21842c4dee117535563ea234866dc369316

SHA512
2e7f7b4f547e45f3077a693969bfb3f7912311c2e526af86722f704d18a69fc277b80f72588f126aa2da759a7b17c6388364ec0570ea9a186c6f909af8d5c173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
71a2b30f1295073baf7ce7e6f8f685e5

SHA1
7391e80c61ef2bb7b32d257fa69773945b8be4ba

SHA256
af4879b643e4dd7d5f80a885f427e959dcc78b1a7edfb12c3cd27a352fbe2ecf

SHA512
1829705c2c13ca2ee552d71cfbd6349bebac119013f60faf4704a6a10fa3ab5d3bf6ee9b0ad731b8e5666971d8d8a9bc919d059ff6d01605ca807b4f964ef3f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fd3262f4b812a338fc11b79a92cec0fa

SHA1
7c33433258c2c72b2a605b20b0ab34ecb04d5ab4

SHA256
e7ce390d717b0690c556a2966a109830ee3c878275e09e2dba29d075387a3d4a

SHA512
50492b329686e1334b57cc790c95f55be9a3e0d2e61aa4b643afcf0e8fe169509fe317cd9bbe55a4f7d216a6c4f1981fd4a6e1fd461f9e447e1340acdc615efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e1de768ff85fa74b6f48ddcc8f1e0f39

SHA1
b6c4ebc651210053ebd5194754829c6e646df34b

SHA256
da5c6bc6f672a450a0b41f5d1d002a90016e1401c38286b4304cfd749ee824f5

SHA512
e67f9759719f1dc2460dc2292b6dd9acc3d4d8c05f78b602a51d23a1a32d2a7d9ac755dcc0c67753e614717fc89db992e30e2aa3131cae0d9723c57a4fa69d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a1e2427d17ded91dea40eb6e21d38bf2

SHA1
84f92a4b9985689f637e434b7df599d8968102ee

SHA256
1858bd6133ff59cc9c4838982ea640dfb29a8220dfb658c0af16df4e63c581e3

SHA512
742fb69d52802b3a3432c7d6a58fb87cd80a64a74588ba781d01940854b81bd0c6ef904fdc3dea8293771bc2a7966857aa5bdb84e6a5319ec882c2a06a2ec4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fd3409eceac2b7ccd540a4858d37215b

SHA1
728587f11f600bbe8674d4934b7b993e7555dd28

SHA256
e72a03a914253132447ab863b124bb368dd44fa58d31fab6bc6cfdaac87ad5e5

SHA512
e7bc164801f155f612cd5160a02fed7884c2e735674695de61da3c532f75d6a2e0911c3905bd94fe2a40a79e3ae49948b7367ace62c370135e7489259d59dbe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
d2fb31102c8d5a86965313d3441a3933

SHA1
0f3b53e7c41b0ad209cf13fc1ff90d6505f20707

SHA256
453cb60c7cbfefc42e52a46fffa36b335c60b92ebd37a2ea860f23f89e48fec0

SHA512
f3b34bf73594f394bc924b7252fabccd503d649e2899e1b81b8767cf65079eccc8ca9dffeead0e452654b460ca14f63282ce2a8624b17e49a5172a107c08fa95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a1388f54b50a9b531f6d37ec7f91c765

SHA1
445362b9bdeb1b8b491d1eb4f4c82bc1a2c99ee0

SHA256
d1b1bc050e1f1c608e727928250c61f41ed1897be2fcd67a1e5a1217023b66b1

SHA512
82d570362f299040232a71344bdaa263fe91c1f8122163aef6bf3d844d0d9282a449adb650eec32b341f9acc45fdff900a8976c89e05bed5e4330d504e29dcac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
42466bd12061125af6a2f972445e7612

SHA1
7640531fec60d3625411baeef2f91f020a148211

SHA256
895f78c9409066041a6be767dac9a0e1662cb74dc09f7a518c969ff902fa2642

SHA512
da2eb656d93bf62563b6945eeb81c754a4c9578942278ce1c2ffb6bf4f468a8b10d0fe7e6c106799c34ded3b54f1878bfb8c7618edc602f6d808b94bfa68ad58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5d94cd78b5471714bdd82c19410a01d0

SHA1
aacaa63472add5f1987e145f11ac6d04a5f6cd42

SHA256
07e9e2216b8602c04d1519491beda7291566dd662daf3a594c5e2fc06a2d7e81

SHA512
208ad6fd5eb8d94f700862d3e2921b1dac1273f75b27c77355abd6d9d7856d85b6f4924768df59142ed7ed2bc24bfc747e906b18368e7793d546cfc01206f362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b3d895856cfcab775c88fa7c391bb68b

SHA1
608ff841c6a2fae6a525a4b6b8bd1beff46c99e7

SHA256
2272ee07d85c3073c23a0c2538722c1a679c2ed9c332482bf15fd71fe0d2cd15

SHA512
ef67379711b414be7783edc2f9c4b4ada2139103bc28c9743e9a50a154d0115ff9664f801120d9e1ace1c94390072173ba048bf37c2ddee5624f61de77db4e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
931acef2ce1f662b88cdd395b3772c50

SHA1
f287c3765145fafe36ec3beec4327967e9dd542e

SHA256
b9e787687cb03c39ca2f74aafcde393c3c9db84b358bd3efe00fbf3fad3c2900

SHA512
7fc99a9b7e35d47560bb0713c116f9564637f55beb039aae38458186be92d829d2f48b54d7422b7b6eb4387bb271114ab573e05e55e20af2bdaf682db2a51081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
018225197718b0ec1c31ced6130d6a8a

SHA1
0c20b45821fec8c6f9946e384c2790a8c7273d1d

SHA256
7594ac4e0575476e0185dc8ed768f5de0ee172e6c495bc104e91066e659b22b4

SHA512
6cf6bf35bd8035491cf8fc34db6822a10f9d21e7dc2ebe7aecfe944608d713ea8d14759db6e5c4ccc7a0f2a22d4c03de34e5e2de659658942095133ab4ff84ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b2a3371711b7b8d83f14bd93c4b3ad1d

SHA1
b6bdf70cb14b7eef1e63d757eae64ec19cb6471b

SHA256
9cb6525cc3771f1efb27bb2c2b9ef3c719e3e841b61d3add46436c2a2cf0b288

SHA512
b768e40e58e710dfb5783dcf7a739ac484344ed1fc3da212034039c0ea59032cac54ec31d0a771690a5283c9b4935f6f66516c9ec184f1ab4ea07862ca350c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d1e7be9863d1b77842af793ff749063a

SHA1
c9b1f433394d3406e1e07613c9101b5732e140c6

SHA256
edee1da013aeec594d470b470a6751c9136ca71ebe28a874ddb28eae0e176a00

SHA512
086b370fb87482404c9f765f686d5ec1b597ac587fb1a9c0424d44e7462a03c981945a7d72c9d022176bb9d565c8d819431ffbfa3bf8f85df484c88640f4936e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
233ae12c6c4839b6d739f3a68764375a

SHA1
8e117d2cd9deda537f0f4a02cc9f389159079bc4

SHA256
4b33ca564cc7adfd20f1577d4799632c318478e08a1aefbe9e836b69f74b6682

SHA512
066ce7f78e98fe786adddcfabfeb034d83c5eceae34bdc7d054032828bb5bb0ff70b0983bdd7db788e9c36532628c7108c97871d42fd82f46e7f0e767d70b063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
2659d6d2e6613c89ef6ce90f40a033c6

SHA1
ee30fd6af2707fce36365712983069c4b4f0d4a5

SHA256
b2f977cc4ecdb557c25e4cdbcf96577402ea62db24a480f58a655a8decf43a38

SHA512
1d8ec72933ee785ae61b1e9e2a2decc1ba98e61ebb8d6ac24b65443580b97064bfad22fd07789b24b55c744601223ec69cb08e73b9042ed5617c2da79a67b293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
0cf0e19a27c5b92ddf69155bfeb41f2d

SHA1
88f59e7a0ac16b5890801580d52e7d764d046561

SHA256
223a2840ac21d3c7a596d38503455e1189ab2748b17f4d4abba66ad6e3480a2b

SHA512
34b308b18b7a4fc6cfbc2fb253d14c74e60da7588017ff5f148979f26df20fbe666d758cd7a506bac918177478247d72e9b0f8115975946366f7073e453f5e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f43c9308137640d5364187b2c500526

SHA1
dbbe61033ff139f86e9c7f56777774e9be58cab8

SHA256
41a96004d6ac392ee454dba12444302f2864be1ff00b193f17494327523d26c4

SHA512
3d6b7232cc8e9e0d59d5b7fa0f92d3596efb4edf37d3a361cd880ff56aa84671ea6f435b6db4340dbf3d3697122dba8f60e44c4c5861413f240d60f817992065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
744243c8b3d8f0839d9d7a8a9cc9f923

SHA1
2d6007a44aebd9f6e4c0ff25429bef99b917414d

SHA256
b4a7b7e77daabeb73e9cb38d35180c93259e4d0f676bf02c56236c9079fa82a2

SHA512
23ac73354ee0c81a06293263e075b4a77c3aae0dc3881f96464f08c9810901092211a446b31c2217ea5210b94b3fce8d7972d6c9ef5f5bab5ca387fb8b13a407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b04120cb15109741ca1ec45441eb91b

SHA1
b6776c1c5346a79907f189ad2b608c29c0968b54

SHA256
c1e31606a622560fefae5c6da8a15adca7fca2de8ceed5ae81e353ed48eb6344

SHA512
212bbeb0a3fba05be90ef0e5fc130a90908ab1f8166062f1db47a52badae7f08b0d0743f1c92195ceb15e19aa66596f7afc3b7fd23185f78ce4059d703f816db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
10a286b44c0d990ccb7b059fa7d8578e

SHA1
b69752355d52fbc5302ec9c32f29e12c4223811f

SHA256
06d01b3035fa05c7b08b497387232c26529b000d7e10f7d723a19ac07e3235cf

SHA512
8bc625a58a5c9a7809e072770c592226d3e2da2e3641a24792ef7df0a9128197a6aa59ec244c82a47575bab4e171af544ee2f6082fae5027ba5b906fe0389605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
334d33c5a41806dbd7e5be3950c3e178

SHA1
c5ecd775510ef81a9bc25bcc0196239ba1241515

SHA256
ed1f0e85b3fd312942fcb163acf493908df2b0da860f8ee58ac1a587b978ac58

SHA512
f7ac2fb77597842c43a10f4e9f0cada1f035cf43abc2ca48513acb520b0e98c8cbd1836070d042608f0ae4fdbe4a9bd9f0681f9847132ad078b33191d3a6235e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
292caab6e85b9154c430f16645247c80

SHA1
8d4f6ddf6726f8a1069fbb8fbc1eb45c828237c1

SHA256
c6ebbf2c60027ed27630082088026355a585904c1a56103f3320658d10c924a7

SHA512
100512847514c28300c0268940bcd79b6452b02fd416e8e5dbe66c7b925f2ee8f953972b005c7170294128af3b64d4821b156288d2d34331372e83850a5f73e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2e7cec8fefa3ef79ff541f8285bb98c2

SHA1
6c46a32ddc4d12575ab621544de7d6194f144e36

SHA256
ef26b417458c4b0d495eccf44868aacaa6f812e6e5896675689050b1ef2a5b44

SHA512
e0f89bbb557dbecebe42a9feaca8520c916c49d88ca1bcc8930866d984623c47f861fd77770fcd3463bf98f6db132858752e4413575619b5940a20048755aad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e1fb822e2df7ce5adc634577971d6ba6

SHA1
e26043088839f8eff13fe6873df60e31a0a533f6

SHA256
2768499ff097f25f8d3daff6a30554e9af8fc01d048c010eaccd42fb326a7e4b

SHA512
7b53acf4e8c7f6acedcd0c41aecea04f8a69f179d035a0d251a80e8d98a10085c91a754d5fe169b5c5c31d36ca79a12ad07a26fb210917e9942a52044a6d045c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e31776e6834ce8f2bcf644e8117bd27b

SHA1
4c21b8dff3e91136287d2577f7a2fef496ce7778

SHA256
5e4039e3710c5189a25873a58a350e93db1191e61db0aaf15b2848324bcac995

SHA512
30d1f9f2863599be2218feb63c935f9d147c9d352be3ed47ba983b7568591c63b26fd9be9deee9b2763364797d642061ec658f5b370ee83c733b7001cc878891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d8e324a37e3671c4d8b04c6d6676935

SHA1
b876653810220e935ba0867e6aac90a22a431ee1

SHA256
2eb012479f6618bef8ac5e58fbe574a39d9c3652be99e5b2d115d84ee378ce20

SHA512
c8a4a3f65ff9efa8233fe868cc954f714b203926b55760311f6ed17282d8c197f6fd72cae1bfab4e1df7a7d849041a50ba4f7ab04430765aed785850beb50d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
59ef5f9a1df4bef3eb2ecf871b0b6378

SHA1
31c1a487da0187ea78f950c6eb15a928952d70f5

SHA256
ad5b50db8616fc116c164280aebbab7dacbf7f7545bdfd06d39659a9b1120b4a

SHA512
c4a30d5ace9aeee3619048660bd746e43ff78e225b688624d69771cf8642b6d7f4e53e1b361a131dd21610ddc363ae8dc9da8b2959631185d880a9e38d899562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
620a52094845fc40bb48dde032cae982

SHA1
1416f9e2b78005992c67112b2ba10595b4c4270d

SHA256
99a23cc0fcb1743d8c6f1fe1d756bc3417839479abaf5fa69522c672706694c3

SHA512
4a5a3a2eadcf81e4b24b851a8447ac8f2886eb4a3e07a03d3632cefc8382ee29c7412859b323770061897d1def86998d93a09e7e89b547e5774fac875ca76013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8db5755039a2dab401ad158a8db0401a

SHA1
566bbe94fa6aa190d2299b457f7894ba6ef4a922

SHA256
2fec6be352386b1c719be967a57a26ddcc941ef6231cd7d2457078388a05af31

SHA512
287bd5e0451e006389973bf04af77b7e4098791a651da2afd1347e1dc8ca06f08426165ed072aa0a790ffce60fc0fc564a1bc57dc8dfc3eb9e2dd06a147081d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b744dd0a74b2ba727086d3877780bc1f

SHA1
47c0a13d3276693e7c0c825e691b40cb3df6b836

SHA256
8f10165b570922fcff652e44a7ce56553ea705f79f69a482ac33c9544d621e69

SHA512
d5439bbda93e387d1e87ffa6b03e8fcb76ecb8ed1904b2a12b8e3a0c547adbc22c09ac55666a40baff1731c862a60694a3a2cbcf9367bcce534431de0601d020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
a31110b351072554766d05238e46f860

SHA1
2621f4cfb6933e3c8546d1c1f6dc0988852adf49

SHA256
53a098e5e8410e0333db6779476bbfd93039ed2c678b415afca21dc2a8f03b2e

SHA512
b331bf18e8932c73bb1d6af5b52e7c7ed6c1d2b58b757cc8ad3933bf0a5d6479a6c33da267cec05ab0e6a6643f18ca0ace02539370d0852e83e00fdcfa76dfba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
c2795c32c42059c43ca4cb8c6ded46b6

SHA1
87239589abde86e1df06ca1f3402594c00a16334

SHA256
b68fd3b02bc9557119b8739570c7978e5353c970bd139ce052f07e7adfa0f4a9

SHA512
7e2e29857df7bea2f15a047501807e7e7ac4019c908f693576564f56d6802a8311057210ee0fbdb1a4578933949fb858a7db68f76b64f7f770a1736fa3631ad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
9509b2f1ab8619f62d8465da4ef491bd

SHA1
c342c089897657760e27506eaac0a8f89b8edae1

SHA256
623f49a98629640d67efe78464505dcf4985d2903fe2e170d8e64d258c15d802

SHA512
704de29c172811df21821d88ed1a205d625463faff80f58b12328cab219be99b6b59998b9aae42ecf15af0b19b9c98febc5408a7223197743994d7e6295cd245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
f13719a53efe00ba079703ef71e0b1f1

SHA1
78d7d5f0522b13b1e6bc0debef1e2db2bc2cc3b2

SHA256
f7b3befb84475d5d76fc9b1b67ae6a13c14d3b06ae3cb91b3d741fb6c56590a1

SHA512
2f4aad68b3abd20eeaa3abb3a727381dc2f2dbf0b5bd1d76643c21e2bb55fa079258925443c0815da115eaf20af1a3ab1c0f5d990afb09d280c6ddc03b798100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
21c654f957923245ad4d2a3b9b8a1659

SHA1
e3e8530c7bc99a8876387decd0a138979e29141f

SHA256
6da9c2f207ddd3ffbbba4c84a63db9123b93ff3a1a94802a77ed4a2cb5dfb0b7

SHA512
35ac53b9baf96470c9ef45344ff19ca9aa3b128343aafc15fa18d8d4b37b5dcb64e825ad400e875e60bf8cc7799b16f8bb0c3754cb5b17f8c80fda235828f4e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
5e626f9a04e1563dbf5cd1507157ac1d

SHA1
45334136a35045312e0696508334a23410daa68a

SHA256
e6dc682824f8765617016dff963275b4880a18eee98d5d4404cd10c713b26a96

SHA512
cba47bef3278797a3bc5bc3b92d354dfaf120abad4008e6b5fbc2dac25d28b8e862dac12b20377ad9f84801663ad09cf170e74e6b7f854d98033fbd359371ad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
29da96326477cd8754ec50ef285cd729

SHA1
f3d9c0e24c7e927b48bc16c3191fe6caeac78716

SHA256
dbde410563d236f946cd73e281cdfa7105d5f8b7264a317ccddddb6808adc7b1

SHA512
ae342ba7393280bc28a8ec6494a158ae5832aa84ef6dc9e482d5ba1f272f22f8bbbd169f822998c6fa30deef18ee9d7006435352225fabb04adf9402fd81c335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b8653.TMP

Filesize
87KB

MD5
a046e610ee8cdfe39d5a51df20ad43b9

SHA1
2edec523256da68f226ae066ff881904a8b11498

SHA256
0f06563d536975dd600948cbe4ea0fd57df2c0f30819e809ed7cba11bdba4c9f

SHA512
09c2b50c3ecb37503dde91a8ba48cf5ea5dfa440f35249dc9c33e5a2788bd004c9db075ff6c9d9a5ee666300c866aa4579b0e3c7383697a9cece31baa444b921

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9734.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9734.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9734.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.13.exe

Filesize
98.9MB

MD5
1d189b171fc5c7924c9f4992131bbdff

SHA1
014ce1c0ce11e114a28280c9f1c74d990ea6dc86

SHA256
d485685e2c57dcc67d578ae658e49b9161a0163e9b4b05f887eb009f7493ba11

SHA512
876a5fd1406b023f8626fe2172840bbe9f11d372adf1db66734f4c8e5f5215c2eabd64f3b3473a8dedd6f550f3a271b7d131938392298c71c9441c3f13be64b1

Download Submit
memory/1512-1030-0x00007FFC951F0000-0x00007FFC951F1000-memory.dmp

Filesize
4KB

Download
memory/1512-1029-0x00007FFC966C0000-0x00007FFC966C1000-memory.dmp

Filesize
4KB

Download
memory/1580-632-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1580-633-0x00007FFC90130000-0x00007FFC9013F000-memory.dmp

Filesize
60KB

Download
memory/1580-743-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1580-634-0x00007FFC90120000-0x00007FFC9012B000-memory.dmp

Filesize
44KB

Download
memory/1580-922-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1580-671-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1580-673-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1580-686-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1588-1021-0x0000029C185C0000-0x0000029C18730000-memory.dmp

Filesize
1.4MB

Download