617cdc7691462d4645efe035f827dc70e87f49fee93f3d4dcb036900353a4eb3

Analysis

max time kernel
2700s
max time network
2703s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1-icon.png
Size

26KB
MD5

4681bc71c7b7ccb1e9c9970cdfc7649f
SHA1

21f78d6469321f95c645541adef5cf35452965fc
SHA256

617cdc7691462d4645efe035f827dc70e87f49fee93f3d4dcb036900353a4eb3
SHA512

b0e3072ae2db17271741f595d9d319317e110aefeb5d18f41b886426f00ea49464aafe2baa52f50e6014efc6bcbcfd5c17d7eeb3b6a05ff3122d33b7c4ab3880
SSDEEP

768:WeHWrgNlz5Qq9YWnq5abubBeBMGs0rFFkDeET78mH6G:bWrg35AWMXxwODRh/

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.0.14.exe

Executes dropped EXE 17 IoCs

pid	Process
3868	tor-browser-windows-x86_64-portable-13.0.14.exe
2456	firefox.exe
1940	firefox.exe
4300	firefox.exe
2508	firefox.exe
4312	firefox.exe
1408	firefox.exe
2960	tor.exe
652	firefox.exe
4240	firefox.exe
184	firefox.exe
2900	firefox.exe
3868	firefox.exe
4320	firefox.exe
1824	firefox.exe
5664	firefox.exe
4760	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
3868	tor-browser-windows-x86_64-portable-13.0.14.exe
3868	tor-browser-windows-x86_64-portable-13.0.14.exe
3868	tor-browser-windows-x86_64-portable-13.0.14.exe
2456	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
2508	firefox.exe
4312	firefox.exe
4312	firefox.exe
4312	firefox.exe
4312	firefox.exe
4312	firefox.exe
4312	firefox.exe
4312	firefox.exe
4312	firefox.exe
1408	firefox.exe
1408	firefox.exe
1408	firefox.exe
1408	firefox.exe
652	firefox.exe
652	firefox.exe
652	firefox.exe
652	firefox.exe
4240	firefox.exe
4240	firefox.exe
4240	firefox.exe
4240	firefox.exe
1408	firefox.exe
1408	firefox.exe
652	firefox.exe
652	firefox.exe
4240	firefox.exe
4240	firefox.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
2900	firefox.exe
2900	firefox.exe
2900	firefox.exe
2900	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
4320	firefox.exe
2900	firefox.exe
2900	firefox.exe
4320	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577978622201599"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.0.14.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
4516	chrome.exe
4516	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe
1940	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1940	firefox.exe
4312	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2032	2132	chrome.exe	89
PID 2132 wrote to memory of 2032	2132	chrome.exe	89
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1292	2132	chrome.exe	90
PID 2132 wrote to memory of 1572	2132	chrome.exe	91
PID 2132 wrote to memory of 1572	2132	chrome.exe	91
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92
PID 2132 wrote to memory of 2800	2132	chrome.exe	92

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1-icon.png
1⤵
PID:1300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc97ccab58,0x7ffc97ccab68,0x7ffc97ccab78
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:2
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2712 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:1
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4280 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4412 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3288 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:1
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5076 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3364 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5172 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1740 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1628 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4368 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3336 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4496 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5280 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1896,i,14710511830334784402,891592012409058302,131072 /prefetch:8
  2⤵
  PID:744
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:3868
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2456
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1940.0.1877338005\889561704" -parentBuildID 20240416150000 -prefsHandle 1960 -prefMapHandle 1756 -prefsLen 19248 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2ca609ed-463f-49b7-b97b-8088fef4b915} 1940 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4300
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1940.1.1351103944\686758039" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 20081 -prefMapSize 243660 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {728bbe5b-74fa-438c-a15a-dd08a59223ff} 1940 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1408
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:0401b2a7aaadcbc260aa339fab97eb4a84033de7cfb91306be01b2ae9b +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 1940 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:2960
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1940.2.43491443\1720985999" -childID 2 -isForBrowser -prefsHandle 3392 -prefMapHandle 3208 -prefsLen 20899 -prefMapSize 243660 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0fa32589-279c-4b3a-9380-db4c497a54c0} 1940 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:652
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1940.3.2076393275\1838173720" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3268 -prefsLen 20976 -prefMapSize 243660 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {526a15c1-e24f-4505-a92f-96ff830df1a7} 1940 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4240
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1940.4.1222219980\1272396551" -parentBuildID 20240416150000 -prefsHandle 3428 -prefMapHandle 2856 -prefsLen 22151 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {dd117286-5dd4-4da1-baa1-0bde896ae8ba} 1940 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:184
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1940.5.992919516\177987603" -childID 4 -isForBrowser -prefsHandle 4164 -prefMapHandle 4160 -prefsLen 22396 -prefMapSize 243660 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ed435cc8-07e7-49c3-bb58-18ce4a20ca10} 1940 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2900
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1940.6.673914377\1177089454" -childID 5 -isForBrowser -prefsHandle 4312 -prefMapHandle 4316 -prefsLen 22396 -prefMapSize 243660 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {37381156-6244-4e76-b7fb-a80c7cd2913b} 1940 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3868
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1940.7.1526775005\642444347" -childID 6 -isForBrowser -prefsHandle 4576 -prefMapHandle 4572 -prefsLen 22396 -prefMapSize 243660 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {09e7632b-142b-47dd-a3d6-9718d854dbc1} 1940 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4320
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1940.8.967248326\2064337165" -childID 7 -isForBrowser -prefsHandle 4888 -prefMapHandle 4880 -prefsLen 22549 -prefMapSize 243660 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7b5f94ab-51b1-49f7-b879-fc62226a0c49} 1940 tab
        5⤵
        Executes dropped EXE
        
        PID:5664
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1940.9.668530163\681070892" -childID 8 -isForBrowser -prefsHandle 1716 -prefMapHandle 3816 -prefsLen 23207 -prefMapSize 243660 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3a39d2fe-3785-4520-8ce3-64e43909da57} 1940 tab
        5⤵
        Executes dropped EXE
        
        PID:4760

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3864

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2508
- C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:4312
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4312.0.820613856\1312072966" -parentBuildID 20240416150000 -prefsHandle 1664 -prefMapHandle 1656 -prefsLen 18663 -prefMapSize 243480 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a22b9526-c57a-4923-87f8-a94ee1f75690} 4312 gpu
    3⤵
    - Executes dropped EXE
    PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
ab7e3e92dba9cc1f2a204288e0c83f3c

SHA1
41e19c40e35539436dd6b9148efd1bea6066f6a8

SHA256
8f5a46a5fc23b4b60fa1dc986cb0c79b0a6960470ae5f7241b0bbdb074afdd93

SHA512
cc1130379c539d6a72d05a80c62327f052173c977647c4937281015dce12c66c695625e3e344a048a9ed0b1c6124653a6f94001c61837a7d28388d9e5f87b498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b2b9588cbe4ea98e8d03061407fdc551

SHA1
ddcdccd1b67f641e623ecbbf09e005ae8d05489e

SHA256
02258e74c9d998580af31fcf1cdb9747f72c39a2cecb5982b98b6b753a8c9005

SHA512
13a0c1933cb6ad895be10d79f14c9537e006f57bf0a7b8820e9e09ac6b964f9f7761d67c7be45866ea768226bcb0872a7f0f21f6b69a7763ffc6bd62310e22ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
1d7f9303814a8da832a0fd77354413f1

SHA1
f05763d96399329429454edef857b0e4cc14b561

SHA256
9211182c7c21bbbf0d57e06418ce0ba479cbc65a2b828c9d27d2501738b2b4c8

SHA512
3c88643d464450701cfaf25c7c3b5713a5385eb625dce2bcfb1dc15ed12edcdb6a92d4745921a5aaddae43beb59ad3c77e0cc25847e52c391b866f355e4490db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fbaf4de5a220b1c5a52e996e73253869

SHA1
bc3a3ae8b3d560f65ad637b295b240704468c4d1

SHA256
71548d91abbe4cee7895758287422f20c8d56b32463d0c60b926c74950b8b9ba

SHA512
2dacb755f91416065379f4d05a43afb397944436ad9079a3fc8dedb2437d6c94ff4d4bfddecaaa9f258660889aa38d935bf3f2ba13f8529d995f342923c5da12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a9cb5842bb4326e31d458912d2c329aa

SHA1
8f329cd8f47fb5fcfa96b22935e5df01a3276ca6

SHA256
7239bf96f4c7b4574305746364a78404866d7cfc6cda3d679c56cc8989ddc8b1

SHA512
3feeb5cf0d80f7c7bf6e71ad2d05e40d2daab69f5ac8652dbbf6f71a547077962f1669bc761e77f170a0c4081f6e4332b18d89b465cbd2aa5426f1cf874d81ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d1e5f5061477182a52dbd5c340bc508a

SHA1
4e878d62250cafdbd4a1ff997028d1eb309404e8

SHA256
eed0711bec5b9b4196c391f0b05bb46eb7edac710a0ece65f871457812eb87d8

SHA512
69ccbedd3a2f3e2ed41ef3fd651971a515c3f65c11aa75dcdc97d3c349ff05e7dff8eb1d13500c9e367043b3cb89f4343ed0c3363004897bcd7f24990b69aaf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c88e0626f7e8bee28314981a622f5db4

SHA1
7d6d3deea269b5773b091eba0f3639d4139b5302

SHA256
d87fbb83ad175207c6a12793d9eb56bebc53b5d35d32a3861c747c64b96020fb

SHA512
b6cb3f13a8ceb7a54997f959e423822c97f98c70658e9574a483af0ff8a1b6ab847a2a06136c89c102dee4aa82c43c6e1b97d8d5d9b92ef8ce6573aa74984387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2d7e28cf2d106d3c066dd4dfe641743a

SHA1
1d20ab42c1da974a1f689d5bb69edd7c8c37a3b6

SHA256
571a7d7177e425232c78f1de62b34490954d5aa6b57a6b3effdc372a3c86d68b

SHA512
ce7689b21c074b6f3801c887f4802c7fac53629ebf9f5a336fb442d83e8b125dfdc3d98078a694cb47a5d7fa6b15e92f3305fe6e8d5755c68ee03836bac137cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f908c6cc9294e9046e3501a5a5dc31cb

SHA1
6475c3e37ba972813ce0f863a6dbed62b508e189

SHA256
ffdfc741551f382cb431579df276a1c68f766d3439a0b8939d4731c3543350b4

SHA512
5538ba367c5f34a0cfd0a90ed532ea9141dad46bec154b0879199566ac820a07b5c833d4fd23f27e5be396817b69dc36b3123d8859dca613271575ac8aec3638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b5a26f1245eba8b1236674ef24863ac9

SHA1
8b85d188fb50fd97f8dd2758fe45ed7a47d2c9df

SHA256
1de111ea51cdeda0a64b0900eedc5b0c69887204715c62cfd9bd56a1bbf7c84d

SHA512
6547942234118491c62531ca17d83762033e3f0e3f9be44197491630403fb8529e8cd0f2e4979ec14cecee57937213c74787cec57866eb8f3d519756b85687d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
9aa2dd3a49b9df537c2334075625383d

SHA1
4c9a278323c7024987d7ffb97a9f317c196ba577

SHA256
a9396ccf5fc3b826a6d3f79659291729c3573463df5d4afe5eac60abf2e29d64

SHA512
20fd2f1b78bea4d7cd83ca34a3e56adf8ffeea0e320099fff313a2a9defab8f40d42495e635a434fd9909a43a885896bac86dd3f23591bffe9af78a2c8535d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
cb3b7797ee90d8f7d60966a626e6d1a2

SHA1
d04a9ca93f690f32215a8b7fd05a627ef821b286

SHA256
9aee7f369729f9f8022b31588f27e54286b0abd70a63c76b27b89bc74d37ab5a

SHA512
8fa1f9123de0b3045a4808878a0d515e2faa1c9b12a17515e73b171e8b4e8b917421747d294843ea2cfe34b90f46dc4f58f978119dfba479d40c70a2d7e67977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
678d149b52c662e3c0baa7ac819bf263

SHA1
5f336e9c10680a6438ee90bfcfacb6afe81bb1db

SHA256
939d0dc807d07745bf1b87342c2facc28b054c263306ea0165730c7a822181ad

SHA512
90575c4ff6a59e3141ec97c1966c50d55c8f4758c5ea158323681f4b227a0b8e89cadd7364a796c8d1c9a6f033100d1281e1f82b34e4ca74512eda588133514a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8a51f62f050609acca363d9de58d0f90

SHA1
1569efe5151786ab7be55261d9a92405eb481719

SHA256
6493add803ab4d353afd9f27188e165c4ad9b17dc22e38011340a8865d11d851

SHA512
4fcaa5708ea335e711326f34c040b840ffa8faaaa7aaa1318dcdce4e339ee1bb3d75e843db0ba0a57b7b841e5354daed361892e3acc6ed48ce3dd473a928ed4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
76f6b0e06d6cdd7f48322489d5b811ee

SHA1
28b3ea750bd68f90aea2a5ac10631a0097fed08b

SHA256
60d2d06ee038ecb093b270071ca1d1efcb5167fd0261ca9d038512f7254ce36c

SHA512
3f72820016c2973a4637776cde0e1802a5f9313c9a830ae0d497b03a6beb17c0cdb98e42c88078fecdcab682a883b2c58e7145d9a3316a299bae65cb8c5c28c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
08b1067193940ce6b4e24127083f611e

SHA1
b2fc91b5aa1e9bb312c40a0c3fa7a52ab4588d7c

SHA256
fd72ff319885529f85a2b68801491b9b4a7304db3f4bfc307e530652edfa5a61

SHA512
45706af05675c6d7fde683af72b796935ca71d6a18bdc3ffce4f32be919842c43b250a031c41dc458b208a12bbd20c3b2b4662aaeab73c0ab347e83834a6d685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2703d070dbcc696c73ffcf24b1c9a019

SHA1
c94978ec18e2f6d04cc7e1e840fdaac6d93f31c5

SHA256
aa21756ec2c1737a309961364007c8c4528bf1e0253786452ff4c22c9182bc78

SHA512
6a1f3f23b5e249320c903f1d91ea9a908ead2ad0b6b8df37a02fba36a2368e58006b43598f65342a3ff60cef209fc6a6fa07b3b14f5361a5738660e1c52ae45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f16c8f8c465ba6bc467c5a87c0f39f6c

SHA1
2da4d0bd0ab46731ea449b6308f22b26b8c3eb05

SHA256
089785ba552f77b53b2ffa73cb7fdd4062ac38c94f2afc621b4ff73587be03f9

SHA512
9726bfbc6ab723b1213951ae512272aed54594f086feb6dd09767c73fe0d8e925f55fbf93a6fe170873faeb40f245a4f252651d75af0ac37bc6df7c40ed57c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9c2e6616757ef6645835b64198a0ff0c

SHA1
182361d3e348284e7f4bd7cff1d155b8735cb40e

SHA256
d29c09b8ceb01571068606e23048cfdfb8f0f12d424e884791ff5fe62206bf74

SHA512
427db0800aa52c6007baedfa0847c460a7d8c5682055ab55850f579caa8bd9ccf23e67c9a30ae1fcc05ab3441e41052004fcb7845766b3b62dee9b87e704201d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c7c52cdb03a35a8df33d3fc5007ed072

SHA1
fb9cbdebf14753154bd941dc4c7156725adf9036

SHA256
27c0194d107dbea605d381b407f216146ba486a4776b780a23e27a3da18f09b5

SHA512
6ead2452b0a255796416baea6055a63ba9bfc3db0f281e87fd046ee72043f84b6a99a3c430745a99365ac755fc48f0447e51b8e17d136954d1e0b695b06166ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
9e06dfa86fee5a8b632633c5497260c6

SHA1
dfb4d90e5670af910f1e79ff6990e980fe585931

SHA256
c24e74a40e276cf63185137f264a5d0b151a18dfb6be9db27019b48981fe19db

SHA512
e617c88865ba7b958d289c9ebb5d44f5faad33d9893852992c6683b19957e802ff267fe8e37d9e96087e4c29f8104065208c5639ad4a73643fed20005c396278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
6bba1f6e984e9e9aa9531124c196c8d2

SHA1
dd992976abe3d9cc470a8a052dff24c691b3bcdc

SHA256
1c8e68ba5e8d7f7c294eb73b4683b9eab4bdb1e58295bcd536197ef7fd91a389

SHA512
8601b60afc8640e4f6e541b8c680ff574abcb6d27e05ba60d7d7167a89005e2822583bf19cb85a0bc59a1003ddc13fb76f1eaab552cb915a5c4f45d9c2af43a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
ec75241f42b10fdebef7adc77a97b842

SHA1
76c97581c52e2a93cb193f49d5904b3a88c62d86

SHA256
5d25415e2d91affd676d9be6bf44724d8ec27b48b278b9289a29e466fd0b192b

SHA512
b93cb0fea6647436d7d7b48df312a4eb9d390b689c979455ece034862dd3896688506de4285a6c8765d5823a057eaa07d79080c0d221fdacbf80d27f925b44fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
739750cd92aacfd42e4df4d4fe9fbd19

SHA1
411bdb459fd027254ededbe97072cb51e6920b3b

SHA256
b945be482f82922131ad391bf71a85e69b0e1b936ff8583c1f1ccda89c783116

SHA512
0902e3bd0f186408d7df0962ca1d795b7a9e0bcfc1afab816b55f1cd404a731bb716ba4227736c5621c3cc6a8f15f8f8d39b11c218e701f8252dc2ae9e742d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
c2e27514c7fc7f12e41d87cefe2bb6bc

SHA1
2c42bebc25dbeaac6bc42e85bcb38a3bca07bc18

SHA256
6d176fdd9dd241bc850a019a861d82b5f54d8c6483c2547e75d8ca20eeb26ef1

SHA512
fdca9484f9f3bbaa49ebe2c2f44c69d6e5f307122516800a7a880e93aa6e89041f09510b31004a1a079cb2e7f5cdfacb29f4e94fb89f0f2f0429778b1b9f8fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
aa6afbcc183ed7ac1aa3418c3b202fb0

SHA1
8730a35ec50b4a3b76514366443c0b4150dc2b1c

SHA256
9e85c598980a1df37643083b22fb457e4ef63d0559cfa01d37cea1ca9866e389

SHA512
fc5742979aef640852b928736914c6e369feb132e45ac063f80cd35204c670addb15f391f52e4d10469404f6544bbd6f54ed75108fb0b236adb306413056aad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
75504f86d575eab94c37006cc8f1815f

SHA1
8dc6cd8e025a063206cba58532cabad1294acb6b

SHA256
24598660a844d7eb2320139d07b59ce0fae65ba7dc9717833d1898ed06430230

SHA512
d25eafd79b42a275119734a12381ec418cf2e2ce7cc8d77ed0190f5825b587f3ae3eaad60ceccc67d5da0cc717fc1cce77e368b518ace1852d1d8e0c560f0d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59c896.TMP

Filesize
88KB

MD5
35c7f842a8095fe94aae9166e7bc0305

SHA1
019b43117da382f242abc32c02ca181edd95b103

SHA256
34e486a88dabbc98f4844644bc999649eb2580213b4f15ff59b28076955a587c

SHA512
ac62e6876e058a20c1f1bdf475f93af6f1c985897c5bd876a72848c71806a392b1ac60f27680cd0cf87caf9b5cc472bcbb606b546e3c01c4cd3ae11fdfd02886

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse30C8.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse30C8.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse30C8.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\bookmarks-2024-04-17_14_3hFICJ+eKQ8mm5xz0-50lA==.jsonlz4

Filesize
1KB

MD5
97dcbc2280412c20d60ae063ac104d3a

SHA1
1575f3b43f981b3b8e074d14fe8479bd1e104aca

SHA256
c45f1b628955bb11171ca91d9e8d06eccf8792ed72a77de12bd3f8c83836b991

SHA512
9eedc8351849c20e33c420d520aa89aa3a0a98a2d01625f4b1534218dd9f0c1331ef3220e0e1d10d7122c032132ca0001edb1442b0460bc4d30b6ea268b0f4b9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
8b9f9ce7ca85af96410cc9e733d47ff9

SHA1
80e1b7473e994268d2c978545ad87be03bbc7c52

SHA256
beea9062e0ea50fb747a68836e8a0708f5dc9b8a0758830da08aa9cf446a908f

SHA512
4291dc40cb625a5e32dd2ae2dead8cc83b4af60c0dce8f819329b0f68c41394d7e2778c2fd587df8141d4a84cef9e6d9394f706110fa78c753d38fe701456d34

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
8a573cfdaa667ce2a182ebe660a79f21

SHA1
484a539c83be740a4637f05c25ba39c31c7def30

SHA256
49edb534208af798f20ad0b85cf84147fc0703192272eddb8a3ae21de21c4e79

SHA512
25ffb28971895c6a1a00a505871f66c1227e864fd2e08fd14cab0171c3c7ec86837f26f41be6bb01f4345b49e3c5daadcc1acd32fc761ca4ce0f65b54177dfbf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
55f14cac5b347140c0eb33cd4b9aaeed

SHA1
6e8752ebfc9b9a6104a91871b1801766f0b3fa91

SHA256
238f06204853ba607d0284acf810985b998e0837efc732707de30c8ae4acc0cc

SHA512
4c7d0127248f148c1c08eeeb0e2c20960d6740f033f7f1331d7c3762a002ec4493b7cfcd8152c56bfcc7f99a106f50d0a3d2d09bf143e31702fc954dfa3a3a99

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
9d83d55bc7abf205f802fbbcf638e23e

SHA1
7e787793325221385393a7476f730f9243a944f1

SHA256
74294e421e20a6b517685a318c5cc17a878764080ca098d12d08bf21f5c9999c

SHA512
2578c402c6c0289b32deb718db8aaafacf315e2801bdbf7a7987b41eaa441a1a9216c84382f11cd1d0c2440f6939950406cc23b45172491a5c4164710ca4f6c5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
6KB

MD5
79453142bd505734908f2342c04221a3

SHA1
f8901c1afa2330c2eb0734f47045562db379b730

SHA256
723f75d0cd9f7b99f4149af5fe4fca33ceb97e4d3eb4ec07155196126c27d3e9

SHA512
cefb0f9a5932442c210fd4ed87ed0c3c3cc4a20d72a0b0dfd752d643c54461f00fe5ed6ab28cd3fa94d77da004f8c8db18e576ff4301e7636c022a7ef3c32750

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
56889d66de92d9a8abf7137503da4892

SHA1
6fc10c449ccb081a948b99f6cddc36b6f4f368ff

SHA256
8ae061bedad44deb64bd6db7d6c628fa07614ccaad078fe8efe9fb361e9b29a9

SHA512
24af688bbfbe241ba2aaef6dd0a03a5418c882336055abc14dcfa14d115d28f3d4d43c548f7da864c61a832f52673ad547d15e7ca17dce4e5fa426b64fdc45f7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
72KB

MD5
a841cfb8addf1cb404b337f20c5a4a1a

SHA1
a53bf7f28fb1660f3c8341ce03f989943851a8c4

SHA256
fb4e788c5e36cdcb662f6da42f70a577c520d60e50d8c5176f7e7d8ee8e21718

SHA512
37d24f193e92f6642d7e47d5455ef8160e25c3d3157b807cf982b2fd4fe88f0800b83c6615787a1e4d9279a1334f83a9f2fc4f3ef690d726b29abfd27279fdb9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
152KB

MD5
475221f03eeec41c91ef41ef665937c7

SHA1
be2933bde622f1f70a651e18e9e4585ccdd26786

SHA256
c69fe8ca9b5bdb1a21f27b583cfae1e319fe7140cd85c3066f3443dde8f9eab1

SHA512
6802a76b53cfdeefb5e781c8f837b10a7780e81c2997899b3f30ce07e1c5d0b92a06eeb831866414914db87a83782069901744960f434b6fb0323a1a23cdce1e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.6MB

MD5
580494950019a76f04f6fe9a17063d6b

SHA1
c9d1d0a86a299c18798d76aed48c01c29747ca7a

SHA256
9b965ee4a657dd6560941eaa4a6803263e1605935a0ee02bc5221530c114394a

SHA512
c3d8be151b00844a2049d4cc7204cc00070db8c88ef2165c0b0f4b48141f274b698b86207bfc75c37b01d93ee3999bf6bad514584d42881a710434e0e572016b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
9.2MB

MD5
a730b92f31482c4318d26f7b8ded33b0

SHA1
c527c7ac8178bd6670e4ad58396d9c9f48f5a215

SHA256
6ad534d25851af85d9ada3fac28ab687beebc538e3ea6c32f4ab22221821ea2b

SHA512
31c18ca5ba7812b7a98c2dd3fc1f13471fa4d0b64518dd4acc5cc6f550fcb56192e6a25ceaf77e6bb519769f985c9e6e6cf75725ed1ab8e62083192611544e2b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
24.7MB

MD5
683d0bdd9fd1ce8abec5d49c75100c9d

SHA1
e6e79d99d5f6c1a7403ad8d65a93369efafc458c

SHA256
b42e76b5837c73bc0fe1f8d6109eed8db4fc41a0c0d7d06884d1a1970df45820

SHA512
88350f0c866ec2e45b46ba0dd501b8853679eba6f0bd6cdb35aa28c435f22784b674003fe24fbb85dfa93e40ac634168f306261c1dd8d787371ef5b39fa88ece

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
65aa9b0f57d72e4d70e9226322221adc

SHA1
85fec174d0977afd8c0100c9d9b53c958e1949bf

SHA256
51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410

SHA512
f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
690KB

MD5
0b2fae3c680dd4292503d1127918e158

SHA1
3ae591bf2a426f38ae5ada27ad1124ba89639b4b

SHA256
a67ec38faacb85dafa1780ad01133a742716db58bff6d9b1f3ea47e0346d8b61

SHA512
dedc6213d4708821c754301881832b7f84566d56bdbcb2617262893debe916d26dbd45e0011e8186cb8448be2142693ad0a3fdeca9408afbc2b993cc8af93a80

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
726abf1280adf3129481b94b2bc644c4

SHA1
404f69e71296f2d199535e8a6d9fb56707fcbc5f

SHA256
8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a

SHA512
160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
3e4d1ec1d2a6e85593459601b5a0a828

SHA1
92ee422285282dcb170cbc7808299d14d8d27963

SHA256
eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5

SHA512
4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
71747091d34cc634b9ad3c360b45b0a9

SHA1
111cf483836f6a392f64bc9398a327be1c43dfc8

SHA256
6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf

SHA512
b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
e1468699efbbd224fcb58707d369985e

SHA1
9a94d87a32cc8a549ce8d7843a3dfa26df350c78

SHA256
5592ed7ea60bcbb38d655619f9db96fe64507f2c7d9ac3e6baddc63b5450c9ca

SHA512
2220000dd37bf7a2891101c2641425e92203805a4f4c9ad82ed70b2af307bd82e0ac1ee8444eebe7063db7482b4a8e065b02a516d87d892549f848312fa6c954

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
17.5MB

MD5
fd87ac3bc042c8394515dac7f25d486a

SHA1
431e4e515b6a7d4a5d654f1685abc9984f468c89

SHA256
e84cbf9c54b4b99b9e4c987b5461c94b1fc4b9b68434705270f065a64dc351d6

SHA512
c19b97b8a0855a167f4703fbc4fe98bbd44fa3bcdbb6907d876249b1fae8c21396e221113cb5747bf0eba6966e549b11d6aead6567109263e1579f225c09b864

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
784e00a75b5003af81a895f562c5540e

SHA1
44a0835fc56422a742c42c1d9415d2cef189d15c

SHA256
4ec32b5d13b04d8cfa1288ce9c8a2f89010c09892289ba9653dea120a9ef7eda

SHA512
25fdc0e0f8c2e5d4b376bb7a8d5946bc6984f56e6c6514932e1860c9d30594db2a6dbc78a60a3e0aefc40e85e3bef8f2f819cf29dc13bcfbeb53987b0b2228ce

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
143.5MB

MD5
e1145a0fe6631efee7f008080a4b4722

SHA1
fa75a71342b3525a1f34b5f9057363429cdb91a7

SHA256
2f5cfe5ddc985e8d8770849a01ec7c1f43c2b9759fd50ad7f21a51cd7ce3a342

SHA512
6df50c8d6752131dc52eb2e631e07d68e42263b38e7d27a05f5231a6f7d71898e3c7a35f61f37bb78741158d8a5e00fc558e046d41297b5a95abc0a8bb2b12fb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
829B

MD5
3884abb06b46abbc51e1d28e8737b843

SHA1
bde9bf1c7fec1a36c84898f2ccc8bc03dfde8dbb

SHA256
5aa34c278130b23335d99987fa59cdcf9408c15a2eef831d96697efae5905bdf

SHA512
7215ddd64c5372954f7ed62fdecf7cf1b56ecdeebcd03d8be5fd96c6a81e0a15cb42369ee6e31620cf3d331087925634dd08ebe2bf935c60880023fb6ac859ef

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe

Filesize
99.7MB

MD5
756994cbc174b3e69dcb4377e8a7b3c2

SHA1
2fb14aceba0c8df3478aaf8c039d76c6abe3ac36

SHA256
8738a94ae5290d577f3aa700e918239a4bcdbe91d41d201434dc93620617997b

SHA512
a870822e4268b04f1fa8b937e1b1be29286df4492173e2fe5f21d4bff1aa69ba8f8e50670a40b5a372ff2bf23a1881ae9417fc36c20c03bcb9166afd64c22a17

Download Submit
memory/1408-832-0x00007FFCA66B0000-0x00007FFCA66B1000-memory.dmp

Filesize
4KB

Download
memory/1408-831-0x00007FFCA5A40000-0x00007FFCA5A41000-memory.dmp

Filesize
4KB

Download
memory/1940-876-0x00007FFC906E0000-0x00007FFC90900000-memory.dmp

Filesize
2.1MB

Download
memory/3868-711-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3868-659-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3868-517-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3868-483-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3868-453-0x00007FFCA0AA0000-0x00007FFCA0AAB000-memory.dmp

Filesize
44KB

Download
memory/3868-452-0x00007FFCA0AB0000-0x00007FFCA0ABF000-memory.dmp

Filesize
60KB

Download
memory/3868-451-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3868-442-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3868-661-0x00007FFC9FB20000-0x00007FFC9FB2D000-memory.dmp

Filesize
52KB

Download