7a8f13709abce6b8592c6d049119edf50d3099265a6745518c098590a98d7516

Analysis

max time kernel
64s
max time network
445s
platform
windows7_x64
resource
win7-20240221-es
resource tags

arch:x64arch:x86image:win7-20240221-eslocale:es-esos:windows7-x64systemwindows
submitted
17/04/2024, 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tor.png
Size

823KB
MD5

0d666d466a77726efbacd1fff74558fb
SHA1

1b2db7382f16f31be59ad9e3e43796a8c2175210
SHA256

7a8f13709abce6b8592c6d049119edf50d3099265a6745518c098590a98d7516
SHA512

c73cfa08bd6c0442f5d0414afc9d7cd61fe3afe8b25aa4fc4ca7e5b6e8ade98f119636e5ca59b9af1063bb4bb46c53996221dc2d5370ad79790f6fa89f83a2d9
SSDEEP

24576:CUAwtYZPkkyQZbbOIR+xHvh2wPsiaCeeR39:CUAw5kyQZbbOOwHvhbkiaxUN

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2556	tor-browser-windows-x86_64-portable-13.0.14.exe
1240	Process not Found

Loads dropped DLL 5 IoCs

pid	Process
1540	chrome.exe
428	chrome.exe
2540	chrome.exe
2556	tor-browser-windows-x86_64-portable-13.0.14.exe
2556	tor-browser-windows-x86_64-portable-13.0.14.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2540	chrome.exe
2540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
2824	rundll32.exe
2824	rundll32.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2840	2540	chrome.exe	29
PID 2540 wrote to memory of 2840	2540	chrome.exe	29
PID 2540 wrote to memory of 2840	2540	chrome.exe	29
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2928	2540	chrome.exe	31
PID 2540 wrote to memory of 2188	2540	chrome.exe	32
PID 2540 wrote to memory of 2188	2540	chrome.exe	32
PID 2540 wrote to memory of 2188	2540	chrome.exe	32
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33
PID 2540 wrote to memory of 2364	2540	chrome.exe	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\tor.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6cd9758,0x7fef6cd9768,0x7fef6cd9778
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2856 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:2
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3268 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3608 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4168 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4372 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2476 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3760 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3784 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1416 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1236 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1088 --field-trial-handle=988,i,12580877954984783273,5592119148308413100,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:1540
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2556
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    PID:1952
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      PID:1124
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1124.0.327903542\1860962276" -parentBuildID 20240416150000 -prefsHandle 1252 -prefMapHandle 1640 -prefsLen 19248 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ae66575d-09db-4525-9fb1-dc1340f19046} 1124 gpu
        5⤵
        
        PID:2716
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1124.1.1513672692\557766743" -childID 1 -isForBrowser -prefsHandle 1732 -prefMapHandle 1852 -prefsLen 20126 -prefMapSize 243660 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {294bc460-f18a-4a63-9e55-541def36119e} 1124 tab
        5⤵
        
        PID:1540
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1124.2.920782309\1305570233" -childID 2 -isForBrowser -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 21021 -prefMapSize 243660 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f932bf9c-798d-491a-be41-ddbc3324abbd} 1124 tab
        5⤵
        
        PID:2556
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1124.3.1393054600\806295191" -childID 3 -isForBrowser -prefsHandle 2524 -prefMapHandle 2536 -prefsLen 21265 -prefMapSize 243660 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2ebb231b-fc5c-48b3-b3ee-759701f425ca} 1124 tab
        5⤵
        
        PID:608
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:a1503f8db875c46a602844cf8122ebec6275c3de8a87a5aa47089c3627 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 1124 DisableNetwork 1
        5⤵
        
        PID:812
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1124.4.56742827\1638787098" -parentBuildID 20240416150000 -prefsHandle 2536 -prefMapHandle 2568 -prefsLen 22196 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1839807f-71c2-47a2-877a-c49898d0e8b8} 1124 rdd
        5⤵
        
        PID:2832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1068

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1384

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c
1⤵
PID:988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69588550c23bd57674a1f935dea04765

SHA1
3d2577b5dbeadcc3f68db75f38b056a4089260c6

SHA256
043e96b82ecf1c0206aa701ac04de399961e3e514b036aa0d1b739a8999b3756

SHA512
4892b1c1bbf6c71cfb74d739e462a0201307ab10bf28b735673988122ed47a5d4df4bdca651f357d9c0f209affe41008096202e9d6f1c99a5236677a91193e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\21be9dd0-2b29-4901-9e29-e04ca14f38f0.tmp

Filesize
5KB

MD5
51edafe8e968101d3c7156b6d011bcd8

SHA1
e2c7bcbf3a968ccf0c0ca8b658a722387ad97133

SHA256
e3410cd89e4d7af952e492ff5559d881663aab5af0a0949a746c0acaa04ba180

SHA512
d19d37b1479ed5cf8e0c4d77c5777ab2fdabcd95580798398bb26a9c0a5c8dbd3280c83c812a55ad9c8c94a908da66e5f7b46b9bfbba5142165116e661755889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\752d71d6-e4c6-44a5-b68e-3d23ee3311fd.tmp

Filesize
5KB

MD5
19ff5c544c0919e2e1223843b09ba583

SHA1
3b05353680e93517a83c6991a2332f5692bfc868

SHA256
1100ba998c4502310d8ec8b084ec4480e05d2d73e12bb71e63df99c5f831e701

SHA512
ffaeb6a184cdd639b8355825d56f4819f0dd1bddda5af7b6b7ee73ad2778d1cabcdfdcea263b4aa0a9baf5902cdb49e93b9c7408cca5e34393d56b7bbec0f56c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RFf774099.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e01a5812db7240f960efe6013d8da484

SHA1
99f0e9e35de7c5be00d6211ded8819820e1eb748

SHA256
7e7d87975f940752ad6c7c490a8a62b0365110cd51bb1cd470a19274d53c74fa

SHA512
06796d3f0612d8bd777add1d68dae36a33debacfc6bbfb86e95b954a4d2fe9fe3c3ed9227d559abbe29a07c070c999f648614097cc1ca6c42ce2bdc5886bcf27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
683B

MD5
f97053f0c693620525093b691cd258da

SHA1
f1786f6f8b584e6ea58636ba3645874204182832

SHA256
c2028f626509a73083401eaadc194b9bf70e59e7b173a449c6f5c425a8652541

SHA512
f89c2af8cca9ba0d745328d94c30f1db5e3403caf99f90e89de3135b30337d6375bce56ce9f62d0f72c4e3143d5cae149c020814d6ba9aced5ab5dfc5deb2ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
711ee84214f07d5e8d964c11ee2e3261

SHA1
b56912c95ccda2ebac9abb58993f363fe386bcf8

SHA256
81e77aaccc569bff7224be5da289e20b9e6ab7df16d4467d57bb72a8de530e97

SHA512
d7cace524888dfe15ca382c0bafbec3148e30d4a77df3ff010aacb8ccda2fa624fc65bf2ec0b6e6c0e5e47925c82469b7a475f5f087c12767a333aec6483eca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d18c29fb229c2efda72485cf072bc967

SHA1
e87be194e21490ef392b46ed9b745c7a3de1bddb

SHA256
bb87625f91875300df850f5f2b348b0ea8a4a66bb34f76a04bdf1d38224547cc

SHA512
7c9e0c1b61a6c7a92da987c8143433fdab0daca07508d075ee6995367ab5fcd626c2dba879eb38db2b5ac6f41ea1a5bb0b23b74d01e997dff0f0fb99491ac68a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
264KB

MD5
5829729dadd1502392a2073c9a9e2ff8

SHA1
30f827d23150ca9ba9cf729b70cd145a4fa68b9b

SHA256
b629c1d10bef1d00e04283a6d914fd6ba4b85b21f1d5a1357c1593f49ccb8e16

SHA512
6accb618edb6d7169b581ed19fce525e2c0926ad8f3ff6c498609549bc0fbe81e7220e3f2339f9ee96467b479c3ea4208d3c7db5d1d8fd558a07e9ba4289d206

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2ADA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C67.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
21KB

MD5
d24044ace9321f7532ee89a62a658734

SHA1
778eb6996660c1586df5a35a2cdce0b70decc61b

SHA256
3e386b7e762ccf4c96870a64346a9437694321104f58e177a5907558a97e6dda

SHA512
9ca1e276947f3d4af6252196d4becd309dfe943cfdb149125fdd20a17c7cf2417565e803f1e0428f14667c865c02de956d31aa83e3ca3e61cfae40a3d7be7fd4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
691923ed3c2ddf4fe7ca69e9e9fd7242

SHA1
36d525f1c5b49c2fdb938046de9480c0641384ba

SHA256
af847d51c0b99b6a63281379c078306261afd8e4ebbdcaf25a33c11cdb728579

SHA512
0cf9a36eb0d07a4d96709eecbc9d4441a5ada817a930b47faa59b0c2f978d76b5641d018270a7dce902439cf2f9d9f511ec8f7e388bf934f0451156a8e8bb337

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
47c3a9fca755e380b4b2f8232163badc

SHA1
512a9e4f6b78c68deb847da1f9a1925643a647d3

SHA256
492a1676221b5ee840face7b20f145501cbcef83dc6c16f38c635304309ef1a2

SHA512
ae1c7a22a6fde52ae89adb41db1aba67235398ab34efe617ed32c3e88c93fd90e19b9c807ea727e35e66139cabd8c73f39fab32040b70dc7764fdfda66cdf65e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
666e2bab127666cb6b0627af6d6f70fc

SHA1
4992cd92f33a82ed35ad1ed5b9cbaac2ad20bbd9

SHA256
8c1f40460ec14449e5c47dd5dbf8e7c9ed4a5f5bc872196ef4bf03e64f3257c6

SHA512
842536dff1a1bfe14e1905219cc9fae42212f07130e56198e9eedfd2b9ffacc0dfca564cea095d254b4234602dc4181903c3b013ba148cf6dd99ae54d3e11c14

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
72KB

MD5
647290b532f0d7e66d1432bdbe242a4b

SHA1
598d9a37c68b7eeac7e8a43dcacf3ec68ef51048

SHA256
c0b8837efedd191ad0637caf448aab7e9879297f3fc33a54d014351eb26fe631

SHA512
c5c6aa8d858f9c371414b10e2336397d2579da06e496a6a7041b3bd35d0da7c0600ce0d09e04c298ead74bd04568b8bb28d998d0c86dcf3b0db97982b83e1766

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.6MB

MD5
4d5872fc6d706e7ce4f0eefa44626874

SHA1
b26e9d2c21bc763afd3203deaa5a9a1377a6c3c0

SHA256
35c720faed73178e4f408f59201fff95dce43e7863bd61337f67c26e8404c9c1

SHA512
e634e56318e3e8e0da4b071398558aaf9ebe81dbe2d631dcb937e621bb74a5d3632c3791ed9ade312b900c1addf6b800b62e3da6520b98248a13649ef67223f7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
8.4MB

MD5
46fe10b0dd9e0cc00e357c90d717ad65

SHA1
b2412bcb0cd63286b3784b8ec4f09d0f79e56b8a

SHA256
f940abe4665dca5c09bfb7e66ef2118d04413065653f962413aff193e74f99c3

SHA512
6fc47d2540021e1ee4996eaa3133f373a1712b61e449616dba7fa256e93d80e840d1e0a11a6596c02340dd0a9a98639bdd49d74fc7778e07db0c4e188f620b11

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
24.7MB

MD5
683d0bdd9fd1ce8abec5d49c75100c9d

SHA1
e6e79d99d5f6c1a7403ad8d65a93369efafc458c

SHA256
b42e76b5837c73bc0fe1f8d6109eed8db4fc41a0c0d7d06884d1a1970df45820

SHA512
88350f0c866ec2e45b46ba0dd501b8853679eba6f0bd6cdb35aa28c435f22784b674003fe24fbb85dfa93e40ac634168f306261c1dd8d787371ef5b39fa88ece

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
297B

MD5
793eae5fb25086c0e169081b6034a053

SHA1
3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

SHA256
14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

SHA512
5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
225KB

MD5
27dfbbe8ee4015763e3c51d73474e94a

SHA1
4328cdc9a3f9c6b7df0624c81afbd3459f213e40

SHA256
b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e

SHA512
42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

Filesize
589KB

MD5
e782457ebb0389715abdf5a9e20b3234

SHA1
e0d9ad78d1972d056d015452ed8dee529e8bb24b

SHA256
0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461

SHA512
3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

Filesize
91KB

MD5
ac01114123630edca1bd86dc859c65e7

SHA1
f7e68b5f5e52814121077d40a845a90214b29d41

SHA256
1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

SHA512
1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

Filesize
128KB

MD5
12764d72c2cee67144991a62e8e0d1c5

SHA1
f61be58fea99ad23ef720fbc189673a6e3fd6a64

SHA256
194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d

SHA512
fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

Filesize
224KB

MD5
f0b22427c3ddce97435c84ce50239878

SHA1
a4a61de819c79dc743df4c5b152382f7e2e7168d

SHA256
0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084

SHA512
ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

Filesize
7KB

MD5
778376d22591a4a98bf83ac555ddf413

SHA1
608172ca18450b4cc61ff6cc155f66cff55c5bf9

SHA256
8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53

SHA512
e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
17.5MB

MD5
fd87ac3bc042c8394515dac7f25d486a

SHA1
431e4e515b6a7d4a5d654f1685abc9984f468c89

SHA256
e84cbf9c54b4b99b9e4c987b5461c94b1fc4b9b68434705270f065a64dc351d6

SHA512
c19b97b8a0855a167f4703fbc4fe98bbd44fa3bcdbb6907d876249b1fae8c21396e221113cb5747bf0eba6966e549b11d6aead6567109263e1579f225c09b864

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
143.5MB

MD5
e1145a0fe6631efee7f008080a4b4722

SHA1
fa75a71342b3525a1f34b5f9057363429cdb91a7

SHA256
2f5cfe5ddc985e8d8770849a01ec7c1f43c2b9759fd50ad7f21a51cd7ce3a342

SHA512
6df50c8d6752131dc52eb2e631e07d68e42263b38e7d27a05f5231a6f7d71898e3c7a35f61f37bb78741158d8a5e00fc558e046d41297b5a95abc0a8bb2b12fb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
710B

MD5
24f50390d85a824e63b44a882e62a9e0

SHA1
2345fd4781376c37a42b7b832e2009dcb9b5dd7a

SHA256
77e005cd6e96819ad2c6479d138068ce5dbe9e037ccff3a83a479d014e811005

SHA512
954cea718b50acd05b46aaf4bbf17a092a9f10287fac0f51f6e614279601c2d64c520d4b14e8636af5dbe38e10d1ad716417c43de795a1557109e024f7d9388d

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe

Filesize
99.7MB

MD5
756994cbc174b3e69dcb4377e8a7b3c2

SHA1
2fb14aceba0c8df3478aaf8c039d76c6abe3ac36

SHA256
8738a94ae5290d577f3aa700e918239a4bcdbe91d41d201434dc93620617997b

SHA512
a870822e4268b04f1fa8b937e1b1be29286df4492173e2fe5f21d4bff1aa69ba8f8e50670a40b5a372ff2bf23a1881ae9417fc36c20c03bcb9166afd64c22a17

Download Submit
\Users\Admin\AppData\Local\Temp\nso97DE.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
\Users\Admin\AppData\Local\Temp\nso97DE.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
\Users\Admin\AppData\Local\Temp\nso97DE.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
65aa9b0f57d72e4d70e9226322221adc

SHA1
85fec174d0977afd8c0100c9d9b53c958e1949bf

SHA256
51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410

SHA512
f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
690KB

MD5
0b2fae3c680dd4292503d1127918e158

SHA1
3ae591bf2a426f38ae5ada27ad1124ba89639b4b

SHA256
a67ec38faacb85dafa1780ad01133a742716db58bff6d9b1f3ea47e0346d8b61

SHA512
dedc6213d4708821c754301881832b7f84566d56bdbcb2617262893debe916d26dbd45e0011e8186cb8448be2142693ad0a3fdeca9408afbc2b993cc8af93a80

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
726abf1280adf3129481b94b2bc644c4

SHA1
404f69e71296f2d199535e8a6d9fb56707fcbc5f

SHA256
8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a

SHA512
160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
3e4d1ec1d2a6e85593459601b5a0a828

SHA1
92ee422285282dcb170cbc7808299d14d8d27963

SHA256
eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5

SHA512
4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
71747091d34cc634b9ad3c360b45b0a9

SHA1
111cf483836f6a392f64bc9398a327be1c43dfc8

SHA256
6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf

SHA512
b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
e1468699efbbd224fcb58707d369985e

SHA1
9a94d87a32cc8a549ce8d7843a3dfa26df350c78

SHA256
5592ed7ea60bcbb38d655619f9db96fe64507f2c7d9ac3e6baddc63b5450c9ca

SHA512
2220000dd37bf7a2891101c2641425e92203805a4f4c9ad82ed70b2af307bd82e0ac1ee8444eebe7063db7482b4a8e065b02a516d87d892549f848312fa6c954

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
784e00a75b5003af81a895f562c5540e

SHA1
44a0835fc56422a742c42c1d9415d2cef189d15c

SHA256
4ec32b5d13b04d8cfa1288ce9c8a2f89010c09892289ba9653dea120a9ef7eda

SHA512
25fdc0e0f8c2e5d4b376bb7a8d5946bc6984f56e6c6514932e1860c9d30594db2a6dbc78a60a3e0aefc40e85e3bef8f2f819cf29dc13bcfbeb53987b0b2228ce

Download Submit
memory/2556-455-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/2556-487-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/2556-404-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/2556-402-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/2556-396-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/2556-385-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/2556-356-0x000007FEFB3C0000-0x000007FEFB3CF000-memory.dmp

Filesize
60KB

Download
memory/2556-355-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/2556-619-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/2716-796-0x000007FEE6240000-0x000007FEE624A000-memory.dmp

Filesize
40KB

Download
memory/2716-797-0x000007FEF33D0000-0x000007FEF3513000-memory.dmp

Filesize
1.3MB

Download
memory/2824-0-0x0000000001BC0000-0x0000000001BC1000-memory.dmp

Filesize
4KB

Download