8e1581aa2026a0bd025773020ce28825c5ff751bb2093f6a8cfce1be5c1df0a1

Analysis

max time kernel
2574s
max time network
2579s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/04/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

18KB
MD5

ddb173461c5e7147eec293a820c9c7b8
SHA1

0242500edfca59c9116fb4201058c64ab6eb2375
SHA256

8e1581aa2026a0bd025773020ce28825c5ff751bb2093f6a8cfce1be5c1df0a1
SHA512

2ba56506e81aa09eba41aaf5adeac8b74841e73b34ef16666863ad53973ef6df15a206d65653aadab5cbe7c094a37f36ffe4373722e943596f8d3cffcb0bed8c
SSDEEP

384:rFTFCRDpmReVoOs4Mi9ylKeGMOU8HhhbCAy7rS2LjMrSTpcVJCBXQL:rLEBVoOs4MmyI1MkBhb/U7MrSuJQQL

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 29 IoCs

pid	Process
1904	tor-browser-windows-x86_64-portable-13.0.14.exe
1204	Process not Found
400	Process not Found
2976	firefox.exe
2084	firefox.exe
1292	firefox.exe
2708	tor.exe
1268	firefox.exe
2128	firefox.exe
2960	firefox.exe
1556	firefox.exe
984	firefox.exe
188	firefox.exe
2784	firefox.exe
1140	lyrebird.exe
2716	lyrebird.exe
2912	lyrebird.exe
2320	lyrebird.exe
3520	firefox.exe
4040	firefox.exe
3496	firefox.exe
4052	firefox.exe
616	firefox.exe
3308	firefox.exe
3424	firefox.exe
2492	firefox.exe
3112	firefox.exe
3720	firefox.exe
4064	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
2784	chrome.exe
2924	chrome.exe
2428	chrome.exe
1904	tor-browser-windows-x86_64-portable-13.0.14.exe
1904	tor-browser-windows-x86_64-portable-13.0.14.exe
1204	Process not Found
1904	tor-browser-windows-x86_64-portable-13.0.14.exe
1904	tor-browser-windows-x86_64-portable-13.0.14.exe
1904	tor-browser-windows-x86_64-portable-13.0.14.exe
400	Process not Found
1904	tor-browser-windows-x86_64-portable-13.0.14.exe
2976	firefox.exe
1904	tor-browser-windows-x86_64-portable-13.0.14.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
1292	firefox.exe
1292	firefox.exe
1292	firefox.exe
1292	firefox.exe
2084	firefox.exe
2084	firefox.exe
1268	firefox.exe
1268	firefox.exe
1268	firefox.exe
1268	firefox.exe
1268	firefox.exe
2128	firefox.exe
1268	firefox.exe
2128	firefox.exe
2128	firefox.exe
2128	firefox.exe
2960	firefox.exe
2960	firefox.exe
2960	firefox.exe
2960	firefox.exe
1556	firefox.exe
1556	firefox.exe
1556	firefox.exe
1556	firefox.exe
1556	firefox.exe
1556	firefox.exe
2128	firefox.exe
2128	firefox.exe
984	firefox.exe
188	firefox.exe
984	firefox.exe
984	firefox.exe
984	firefox.exe
2784	firefox.exe
188	firefox.exe
2784	firefox.exe
188	firefox.exe
188	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
2784	firefox.exe
984	firefox.exe
984	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
1140	lyrebird.exe
1140	lyrebird.exe
2716	lyrebird.exe
2716	lyrebird.exe
2912	lyrebird.exe
2912	lyrebird.exe
2320	lyrebird.exe
2320	lyrebird.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe
2084	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 3056	2428	chrome.exe	28
PID 2428 wrote to memory of 3056	2428	chrome.exe	28
PID 2428 wrote to memory of 3056	2428	chrome.exe	28
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2740	2428	chrome.exe	30
PID 2428 wrote to memory of 2712	2428	chrome.exe	31
PID 2428 wrote to memory of 2712	2428	chrome.exe	31
PID 2428 wrote to memory of 2712	2428	chrome.exe	31
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32
PID 2428 wrote to memory of 2744	2428	chrome.exe	32

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6be9758,0x7fef6be9768,0x7fef6be9778
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:2
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2204 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1296 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:2
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3000 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3020 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3700 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2416 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3652 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3900 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3952 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2280 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=776 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1072 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4056 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1588 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4100 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4280 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4356 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2332 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2224 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:2924
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1904
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2976
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.0.333971428\1920400906" -parentBuildID 20240416150000 -prefsHandle 1064 -prefMapHandle 960 -prefsLen 19248 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c4af19c6-a1e4-4738-b256-4f04ea1cfe0f} 2084 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1292
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:73dcc3948af42606603e4a8bc06f940ff692411d90b61da5e87d014c5c +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2084 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:2708
      - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        TorBrowser\Tor\PluggableTransports\lyrebird.exe
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2320
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.1.353023723\925219768" -childID 1 -isForBrowser -prefsHandle 1988 -prefMapHandle 1684 -prefsLen 20168 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {91a5dad9-a6d3-4866-a9d4-6ac48ebbe272} 2084 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1268
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.2.1458854662\1965843434" -childID 2 -isForBrowser -prefsHandle 2340 -prefMapHandle 1864 -prefsLen 20944 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {26d516e3-a1c3-4b00-965e-3a5fe623b36f} 2084 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2128
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.3.640290730\483740478" -childID 3 -isForBrowser -prefsHandle 2572 -prefMapHandle 2576 -prefsLen 21021 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {63103a38-4831-4b5e-a476-fbf621e9d3be} 2084 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2960
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.4.388917750\1025316191" -parentBuildID 20240416150000 -prefsHandle 2884 -prefMapHandle 2888 -prefsLen 21265 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b5c9337f-b03e-4d49-a2d5-969238ea6616} 2084 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1556
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.5.1175826191\1673647864" -childID 4 -isForBrowser -prefsHandle 2052 -prefMapHandle 2064 -prefsLen 20672 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a8fab74f-3fa8-4091-82a2-c99962d152c9} 2084 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:984
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.6.79658304\469191045" -childID 5 -isForBrowser -prefsHandle 2044 -prefMapHandle 2040 -prefsLen 20672 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {af9cd36f-335a-47a8-a9c8-6fb3459c132b} 2084 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:188
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.7.1393247371\883085722" -childID 6 -isForBrowser -prefsHandle 2460 -prefMapHandle 2900 -prefsLen 20672 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {31ba2a13-2e59-4347-b80a-ba36d6c8c945} 2084 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2784
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1140
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2716
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2912
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.8.2098642976\1609182024" -childID 7 -isForBrowser -prefsHandle 2592 -prefMapHandle 2652 -prefsLen 23172 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f1550c57-e63e-4cce-bbf0-962d56ba5721} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:3520
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.9.2013320786\1235064415" -childID 8 -isForBrowser -prefsHandle 2564 -prefMapHandle 3148 -prefsLen 23209 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d7305c23-b1c4-4ee3-8165-31126ff5807f} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:4040
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.10.864757832\1694364723" -childID 9 -isForBrowser -prefsHandle 1664 -prefMapHandle 2680 -prefsLen 23209 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3e65ab86-cd49-4f5a-8d3a-ef9b9bd7ec03} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:3496
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.11.319271455\797668510" -childID 10 -isForBrowser -prefsHandle 2744 -prefMapHandle 2720 -prefsLen 23209 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {baaa761b-a816-4348-81c3-d767260c412b} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:4052
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.12.792706516\527974842" -childID 11 -isForBrowser -prefsHandle 1500 -prefMapHandle 2000 -prefsLen 23209 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {9ee3e3b7-dbd1-4954-ae35-92eb0f669c06} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:616
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.13.1564844594\1626292375" -childID 12 -isForBrowser -prefsHandle 2000 -prefMapHandle 756 -prefsLen 23209 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {97b763a1-2086-46fb-966e-13fe5811d0d7} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:3308
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.14.904264385\1307454518" -childID 13 -isForBrowser -prefsHandle 744 -prefMapHandle 712 -prefsLen 23209 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3eb37222-613f-4dac-8b22-afd3fe433d94} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:3424
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.15.1727763820\1998921914" -childID 14 -isForBrowser -prefsHandle 3888 -prefMapHandle 3884 -prefsLen 23209 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {370f0dab-753f-4013-8885-a74c34ddd4ac} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:2492
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.16.1480400327\1059781909" -childID 15 -isForBrowser -prefsHandle 3736 -prefMapHandle 756 -prefsLen 23209 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b0cc81b5-de50-4aa9-be21-4f6bd76988ac} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:3112
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.17.327573847\182332663" -childID 16 -isForBrowser -prefsHandle 2084 -prefMapHandle 4040 -prefsLen 23209 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e2333e0b-444e-4c9f-bb29-ccbf2f837ac4} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:3720
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2084.18.613512941\1442850201" -childID 17 -isForBrowser -prefsHandle 3132 -prefMapHandle 3792 -prefsLen 23209 -prefMapSize 243660 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {389355ea-0fd1-4546-8b19-1850fcb66898} 2084 tab
        5⤵
        Executes dropped EXE
        
        PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4320 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3212 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3760 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1624 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3224 --field-trial-handle=1244,i,3272874817497325697,22440479630469029,131072 /prefetch:1
  2⤵
  PID:336

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5558233df71bd75867dabe2e92cdf91d

SHA1
432dbcba67485e4f1f5f3a8868b6f1babe271d87

SHA256
e2d57025aa23950fbe5b47b5d5ed8127f5b256158df52119031dafc50971eabb

SHA512
c604f8fe6d33f11af4505f3b3fec0c31e3e452c609ed53f9546992c352819f4675c821527202208c42168e4bbccc8422ed0d9a2de20ea4523ec2a2e7a1a6e97d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aab2135d92a4d9a074442eb04cc4483f

SHA1
872a34e8b928ad17b34f0ce1beb5efa4509c3206

SHA256
fea5a8c64e5b8deaa32c8273e0b610bb0a24d466066c731a215f95e25bf399c7

SHA512
36c8960417c1e41eebccdbf42cfcf1f54d5a610bc8421283f8409d455feac50c9062cacdada8b644a4d438113f5644d303932d17d0d985e5bf95753cbece4939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
e4ce62ef5720cc773731ff13301d708b

SHA1
ddd9cc87744e304c94c04953a665f651e0b1ee5e

SHA256
a6b5fed8c9a4e20c1eeac8dae8017a7f3f4b3273268adb91acc8b39970905ced

SHA512
754dddbe99c903d0745c4a577a17ef3c5ccb474dbbc4e182e05758f9ccce00e342b7fc0ad5b9cfa66b0a8d7cf6dd8304ba566370bb5b5f096fd2581696a3acf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
f782de7f00a1e90076b6b77a05fa908a

SHA1
4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1

SHA256
d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968

SHA512
78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\09d0fd92f8e726a7_0

Filesize
289B

MD5
e8fb1bce9e81faff46c8438098eaff78

SHA1
c2e9333b98aee0efacd2cb6f318068fab6cbd794

SHA256
57470439be9ce66bdc712335384649db0b08c3d5db77eb16c55bc2a7ff493ee7

SHA512
be7056215dd0c78ba52cb543f639d4b711b72c30d738ef2e52f82f2bae2ace344a5c2b0f01475cb3aa967e30f512ff3955d5104c0ab0857fbedc1c8609e1ad35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9dd35faec8c0da08_0

Filesize
318KB

MD5
91594d94579facaaa8c907fc6328946c

SHA1
d8843c9cc01a04ec3b52305675afe2d2eb1de032

SHA256
ae06ae8e910d0849ddbe418991c3fe8d64165a85113a162a5d7e99ec99260df4

SHA512
2885972c59a3a2cd3175c2f400bb8365a0feab473e613f22199d870d6d1f0cbd8518853167c523f0a8ea96de21851bd2992414fb5373986162ae32ea992d146c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0fb8540dae47d580af17f537df45d690

SHA1
0e72681120ce7bc3514dc531c7a7cd985898d4c4

SHA256
8b2f89a17ff5fc5f3eff676af7d28c746d7c9761a1294bed75c2f853a5041127

SHA512
c2b6883e13990df8189a329f5bbb4656800114b3748975a2a9e76b8609eb7b0fdd9831592d4d83e558909cbba3f8213c1e4097f66ddf115340872f6e273e9b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
1c08cef80a6cb35d3b18a44b4364b2dd

SHA1
537b45e8aed92ad87144d4ca713c6f14cbbf38df

SHA256
4bc554c12f64b0e5978c7274365d4d64828f450ccc6b09c07176fd3ee5dab692

SHA512
d8dd70b3ff9167b5b6fb65a1301df4f689d3c312b6d84cdae312681f825c6248225f7732bd5fe578740e5b5c0f7d2c50c10208c55ce0b0533010d145299188f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9bbec38f9b9fdb7782d5be48ff98b442

SHA1
acd41ab3f91fb50087939e8cdf6881188ab9b329

SHA256
19b50f18a5a1eef8ff937cf5d5d923dbcac426e090a41a1f5b6d6982701112c6

SHA512
5e83dec93fad0a3afb978ec64f0346a99097527b1c4d9db6d38391cf237547aa58a5c42ce9fa2ce234b368ef0f9dda628c6ed6f8d1b4269208ac52ff2a209988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
63afe5e210d61ddb56568c81fdae52ee

SHA1
d463289af3bda7e5e2afed549e6d3f295638c322

SHA256
406a6f933d20c43463fd2bfc3456cf73e544d9bfd6833e2668309107eb0a495e

SHA512
8fed1b0d45b9e6504d47756f0cfbe7929019eb616bfbec1f61aee4c304aea61eccf428e0a5be3db56c88a82c516e9b6b0aeed604d363a57610332b23d4e2e797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
84ae21659e5e2d6978c74c4a7689d27d

SHA1
990b4194801ed2cebd80d22669836db69c697117

SHA256
afaab654dd4634451bc2322a76a3b225fab4034e43fa2b7bbe73d22535f9fa1e

SHA512
b1c87bf2f2ccecd570e09e0a814a7f340791f8bfa6f2d26b95ad113716b423b1800bcda6079e040052aa70d3f082459505292b9de60d49aeadb1aee26d2c3d8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1b42da334715cf0c26cb0aa473b8ce29

SHA1
fbc9f554ad3534d217bc0d557b0263c5bfbe4186

SHA256
edc659517da0f29e3d87d5ff6de0d0f00a342ccb430c07e8e1476318b21a76e7

SHA512
88f1c9bb55984ba7ec691a71e45893f4a7fae0763a7707ebdb2212265b3c41a8bd60c90b3c37e0f314e25456ad1a2402a6f2bb86ef36b64edde1761336d31ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
86255d934ac7fadb355828ba6f88c052

SHA1
aaa2c1906c3cbb97953651c3c7e390aac4510ce4

SHA256
96d5671458e68cecb20b03542e98b2e6463ca504c4a7db811a0813ab670b402b

SHA512
75b466a6adf6e34932997042a991c0a726f896b1232ad09e59e476af9e86d14e012c2f752bf532c9b99c16294cd90f7002d185748bb9154b9a85b080f449d8c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
61927edd3e69e8c4e3d8e50d89cd9eb9

SHA1
866b7b5646b1a592f50abf78b9be4e40ffcc6151

SHA256
551eabaaf728c3893e16fb50bf621aba30f20c7201c14361ff9f969b9c99c4a7

SHA512
584dfdf6993b31991ce480bde0883eab0274f2d0306278bba8b083c468178c06307ae41920b5b382eab92dbca9071fe9c4519773b63d07b422eb9897c7e16f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
157b58a39618a7ae38dc509fb3cd5178

SHA1
ab4d7d0c8a4d03f86e9875561d3a800086b9efdc

SHA256
bbb037ebbdbe7d9a18a2078a6ede213430e63901b35181cba0fb537dd0cc0fba

SHA512
7a6d6edcaec9a45e9012f4210f3430c10c3f77fe8d05121ecdee459927fb5d58a49f89819d2c932df1e907f60438c1656ac11eaca782a2f70bd4730cd0fd8927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7ecbb3926f6e44b71aea67946c8af470

SHA1
ed633d11860674f75b1c08ef55397520678a5bd2

SHA256
ca157f7dc0934891f8a0335a1ac8a060c5f1a9f3331262995de6635a655fd682

SHA512
0c7709d19d5e12c20dbb22a4dcb68b0ed87210e6db594434069ab5250407bfeb1aeb18c5920ae112f07405a5fd34cd87424c9bb12a20a2e0986b1dedb379f933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
441a54abbe71761a92cf7074e15c089b

SHA1
993bdd3b64bd73016eb61f2b219ecedf1f07c24f

SHA256
d166fc84cfe8b05b1d3fb17ef3af9bddd69e4a3147710685d739539fb7fd0861

SHA512
6a71254b23dc45e9e7adbb964cc6156701dc26c77e764401e56384d2e467d3f76601b6bb77230a87dbb9347870fccd5c50e2c0ae6591efd01ebf33b7098277f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c704ee2e0e573882599bbf68b95f7995

SHA1
c2edb54228e8264f16f3878fc27bc360a79e0944

SHA256
0ef76293ff201a645cdca5dda40337127e6d4f22b61c1fc17a755d7f36336c76

SHA512
cd3a51fd6f5cf9ce35c5d55d266fbce4852cc60031b22d73569d8c10f01e0a77be57563c6e77797837236955afc9b927f906a99339e42ef145680f1aa14fbf2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
118a783cffd7d0eedd3847aecbf8e808

SHA1
8d33ce2ec2e3e63cc35cefa56940f04a206ad351

SHA256
79402aa4d2ce84ff0e8896b9d96c472af70706eb3193ad5435768d15e870e2cb

SHA512
a89109b51ac27484b2dfd761f624f1d7b85b58d867c30b0c104cd9a9457c0dbb11cc77c868a88c42cdb454cc11fe52caae506228d2249b29012bad19132ba841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
364B

MD5
86244cef12ac1550ed99a4259087ffc3

SHA1
2cf0c5546ec888e09503956b61201d07a038fbc7

SHA256
6383e3a8b224d8fb1d5f1499face46f56c4a8cc84fc49d39d1635a9bdc684c5f

SHA512
b42e8f12315a5217c16333eb4367e9cc4dace0857c3a036f3e8a875f622184554fe61d9f8fcd259c4bf666f2fd99bf71fdc7ba29cc1e1d0a75989305475a5a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
64739b07ae7ce33061865ed649d50cb0

SHA1
11334f799055e4ae7de3a4d4f34de609f7638b3e

SHA256
e487afde9cc0a17738c18201e79e0d43535d4cf5a970be4ec843913e3e0c40da

SHA512
84ffb92898caa909ded8c3d654f2540745838dde48a6f8f22d4225b3ba1475b8f07469b2432dd49fb5ef32db336fe6f611d3a97fbf6ce7433e0d5d3a1272a673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
528B

MD5
15483eef009eb447b8194c919d453727

SHA1
b8bfa313b2545cf3e114ec28eb9e3018da3619fd

SHA256
893b1fedaf215ab231df1c8439b30e28e67e04afa690031866089a81009b0412

SHA512
8f8447d453aec3218ee76ae42ca35c5eb7cc4494b486ab481549a2a1369ec0015373ed7cd307bda9a4fe62ddf8496519e82fadd589b5e2c5108902bf8cacf660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
364B

MD5
311a20a4f146967756e9e444d3d9b6cb

SHA1
4547070e83bd55ca7e13ac7d296ced1ccfcc0d34

SHA256
a4a29e5bf38676fbe04ec2481174a7f12c4232a3246df28bc9e0ef063faa86ad

SHA512
3531477db311d5dd123220d7f6197d46f9850ebeba2b9c939adc81e28b1f21f80a4e0683c683a3a87d362cc194d110e1b33af4f61b9c886a41df1aee9d62c8cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
528B

MD5
e9adea755214a5f1b0a43b2e96abd5a5

SHA1
a7022320307d6191ca86305cc5091c0029549b79

SHA256
e22567a09d1f43d6d87cb165426996ceb7195a6b91e0ed05f221c89ce247869b

SHA512
3846fa209810d2fe08f3f690eab1829456e74464a274626d6a664722e8c74b55782622f35ff30c6f5abb5ccbfe542391e68fb8b3d3ff3aebe2d65e45470e66a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4743e084127299a8661173207ca4948c

SHA1
90acf16373e86bb3a41a3423346b872b557f90a4

SHA256
9ad5934246d0df764eb7c0a96b85b6a4f802f7b8e2fd03f9fb9425e9ee4b4f8e

SHA512
385435d641b66351143e63bd24a299e8718bd652078be7550df0e5ddde7b89b512433bf11fe35988dbdd1984c3731a0a588b773e94797a61b0e7435982051733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fbfb9bcf7649d858b1cfdbf3f1021aab

SHA1
4e64bc8f2b497893ea8f050777c1efedabb17401

SHA256
7a99a981120d016252ad9b5bc5062cbcb36964ea798e42c89c1efe23d214dae7

SHA512
8076674a42ddf630f07dab607a459200ef58e4eeed63416658822b48571ef5018c59d1f381c98af003938500c2fd3b2984d3de9388727535ca05e060e7003a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
504cffbc2e895e4a5433e0627a44b4c3

SHA1
84dad97d63ba98ca001e5ff40aa2939399665e33

SHA256
e22ceab5ded3ab635af88acac9073b6f84ddb69ffde0d71222c86b5feaddd25f

SHA512
58455729094ba60e839685442c060ced486d0b1eb6b5c0b01d25c715f6d1e169a26ec3ba34cf0028fdd2e1ecb49dc0434a08f95216bc4533c9bc7c03c14c4a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a95be7e6aded7fcc82673ae87cde422f

SHA1
5e7460a0809d54c96a404ffb8d7dfd11d57c7d42

SHA256
7f56f10a32489c923acb410f84f0a279076330ed2afbb87e6c337aef7adc7513

SHA512
b1468f51997b03c6e78e2c401175f400e6a0fa734b6268e025cc92fac6442a6fafb42b9de38c9602dce23c5308de2c7e20d51b290ec83fc8da8241290839ac77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
92e04cafb6ae2ad9c285420e25368c3b

SHA1
5459dfb0239c1aeeca2e67f519836fa451c48a22

SHA256
f35ec73e9f183212560c99da778befdb395c4a7ebacd01972d82272c0e18602e

SHA512
fca6a2e552338e07fe6f93ef1475d56d405dd4d4da8b5f74257ed2f880a12d49e448b9fe23b79cc4a0e81b367c557d8b95c542277a2ca851205243b8f0e732de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
435729fe3362815d7ed734609f158779

SHA1
e6169ced55262acf850d915362e88e3155d36f25

SHA256
ba7e443a5d02ea18525f88b7a0f4c01c1d8310b9c54c527506fee74e0b02b0ab

SHA512
d8006e49d232de3132df878e79e28f101b721299283452340e5dd7c3173cf2c3eb267403df7921640dbe20e41fdc812a0ec55fad04ddb1fccdf2bef0a5d229a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
240b6a80022d34c3aeb187a28ece8737

SHA1
039aafff2da75554925e43193b16b77f6a5a3a41

SHA256
169159cca225192c466d574dadc264e9d11abf299ee9b43f6b839bba4d6488d0

SHA512
ffcf031537e5dc474c01aa701968811ffc15c33f25783de5fdef169980b5f4e5f47abcdcf8da5168571cc17669657981752fb5c20c05939229313276c7936a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21e9598ed96bef2a99f2a1779896c5e9

SHA1
9a16a2d9614273b909e1a9f01d05baa72283342a

SHA256
b88b314815b48f62da27dcb45eae2eb6a9116f9f6b5b7541bb590fd27533a6d7

SHA512
bdf036efa28f73a18b23666aee4f06806ac0b7787fdf0fe5d00851909e5add5f3891763945cc8f82076d66df411fa5f7b34287d6a68019f30c2f44722db740d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7776ab532ff3bcf47cf6ff3300dc53f3

SHA1
fd136238c6f8b7af79bfc429d6565efff8997bad

SHA256
8d13397c6d24402ef1477bbd047131ad027ec35270e7fce9cacf217d83608553

SHA512
ddf934bfedab028c0f3c3134703a173ad143bea254294067ff9082ac4727a623aba810747ae0ea0fe78f0a2d6304f90d1b9de452e75b45683fe575c55981ce10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8d62e5b68b65249dec7d73c7ac4c1772

SHA1
e8356d66b50ff4af3a08fe996ccaa179d10725cd

SHA256
d767a86cfc082ea1f82b86dfca6f13e883569ee557aa4b72ad991e8cae8bb0f0

SHA512
412ed8746ec6f1d45bb69133c5f49a1cec2a64b7f07bca2ea197ed9416e4468b9b51fc64d149cd3a91a9fd13a24d06ee1901629fb3dad6878071c69ac8d75db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e9ca866529af7071692522f2da46fd3

SHA1
fdf1a8e924f070ea2c59a11d9fc546cc8ece6caa

SHA256
09c555c28f38c24b89d3fd9c803202f48d5c8451b419f1fdb1ca9858526427d8

SHA512
2bf51c20a38727044a02d4580d76bc1b8a2b569050bef79bcb465075bf059f03bec4b3f32afc7dedff9f7d34893039c7a34fe54cae5f26016864d5fc3a7c5b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a7b92f3c-21b7-415d-b003-08926bc9dee9.tmp

Filesize
6KB

MD5
db3a95f4c017513d41c5e91422017df1

SHA1
c8edbd963f6720f127ec939648f55f8ea08e55dd

SHA256
451dd18a8c9be38a3e493725a9e763b4731fd11e4293da8da54040ff2802b3c6

SHA512
552089de41e1e69cbd4440fde5600a211b38f1704fca0ec3d1c66cd3743d169c2b36bb2f9f1e5fe3466d3d37ea87ed15848295a24c9caba744d7de547eef99e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
3KB

MD5
fb7cca5067ff6509497f79d044e191fb

SHA1
964a5a93bc8abab97647264935501b9619f3592d

SHA256
b2fe1703d84ff85ac3a974c313b4b69c77189268aadac0317dc7dfe2010039e7

SHA512
cac9c335d77eea6fe593d10e89e16992e8540422a15e9baefb93aa5865302cfa22da78f4150382f2fbec2687b049586cc429b42f4b558af13fb30cb2d2a946fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
3KB

MD5
a3b05f35adc4b343953795ec850fd749

SHA1
ff382c8da78b138700b802c4ebad4b402599de9d

SHA256
8c28178a264299d7fcbe3a5a17432d9ec9516103e154818e5b6efa1ccd5d2008

SHA512
0c2c6eed25369163c38ce65bf16d96525ebb86ce431d49fb85c611d6c7bc3b81fac2e24dc4de79b3b4cbd2986512a0886b28ade309e34a51881bdd63e32e484b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
3KB

MD5
af49146490a56d6af978234535c9d12c

SHA1
430e009116318deaa3e998e6651463c970ffa452

SHA256
1de91e9b7091ca3579b752f7d42dddcb5c047c0a7072e5071cd9899cbd6c24c2

SHA512
471091db375ec56382e59b830ffe60e11cc019a5a493ed81191f2c654fd621ef8d49483bb0b60b2639f04cfb6a9664145b2ef028b5a3efe514ffb301f8fed615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
3KB

MD5
54563e9b9e15f55c47d2c49959fab83f

SHA1
76daf587c7452c40b040fe5a28be35020ade24e8

SHA256
0928aff6badbc316543d763a3e7dd10b3fc108c132c06b284b85918ca8b13efe

SHA512
0ff74545276bdc5714025119b59d97f6ebf71857c0cf9119c4f6c233791afa1857174c36cd68558b0d795b51c570e87c9d98bb04184b04ce4e71c48e1f4893e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
3KB

MD5
de73737ac7915e9987ab50ca2efd6849

SHA1
b102c1642cbcc4f13b60010da08daecc07a35a0f

SHA256
e4e96a4e7186e90f5c78183e9500c4832ccfe5392806e9278f5b202a6886800d

SHA512
3f5bf808e1267b78ca14a8d355f71e3190286e0237d3090c1e00531c485cafd434d90bb9b449c58d56c6119a484fe40dacfe06884c553b4bdabc1c7a1a491178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
3KB

MD5
9d92dc623007659bb0a054eace0d5f72

SHA1
d438ba1ec87342ca04de5766a6328c77239308c4

SHA256
5cf4942b1b06f03b8451744c6771c308dffbd68cc57f6d85b57f0a668f2fa9b0

SHA512
79842a48a9d74e622d1b1b3e347b27cccbb0088183cf3817e2413c43fa6bb1750b15f005b981454cb1df75699933273bcc832f48a7a42f23da27c0d0c301825c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
3KB

MD5
480ce2acb71ed376b3f6e7407325f8b8

SHA1
468cb76196aa58c34b26f8bf3576da5b6c16eb96

SHA256
491782fc67681b0e8a6b0350bb03f9701d18f5e6ad4ff1c1bd67c3a3605b116b

SHA512
bba56f85bf02580098811fdd81972bcf54e890736e8d610277e7716f5567deb753b07dfcf08ce89cabed079bd026a72fdb540599d344c6feb094916647e2b023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
74KB

MD5
7567432378801cadf0038d8c3150bbde

SHA1
5159939ce8ecd40ce1b43678431c1cfd05e3a561

SHA256
5f17359baa8f323af8d790d2dada5a751c777be31d0f1f04df7216a221f838a5

SHA512
897a7bb7a219cc096915141adc4e1a36c040dd0adf709ad58174f3845ec41bbe30451ab71cc1cd3bf96ace617f5749534cfb18e0650fa5b9fbe53a8538a90431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
3cb810a8be55bba8f297d6876a0cc4be

SHA1
c35ee07e9c191b24c2228414d96fb0a611888bdd

SHA256
6c159ef000fbd089099c948efe2611b22529cd9e92ad645a3061ccd685c43eeb

SHA512
cbd8515bb63076b55d649f1d214eb30d49ba936f8f882b5b245fe25efb3e0c3a6e817ce7cf8b3b08f66db6d22764ebab6cbdc56d44a18a705a18dab6df4f324e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4BE4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\bookmarks-2024-04-26_14_76cHwHg3AHtlDdtOAKC1RQ==.jsonlz4

Filesize
1KB

MD5
f6ab19e29fda81334cbf53401a2776cd

SHA1
aae1a39b423c20878ad05cb4d452f12535f709c6

SHA256
5f11215d05a214c97c15ea52992c99dad96e568784a62b1b2027491c3b94cda0

SHA512
152047a3e14b2f861b6d903878083ff3d82c5a16eb42b382b9baebdb490e7ca9da08cbdb1bb2e651b1d8b10c03fd7dde008ce7c589b7ed8738a92cf555169ca4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
ff286140fac4d2ca6005ce7850cbf60c

SHA1
e9e50c13eecac239d2002aaed96b85a63c8c11b9

SHA256
6645d230180ebc46c81900baa9317183c628f49370682ab60066f52f6772eaff

SHA512
8544782b637115bf831d89a284b7809b8f4590ee176e316753fae523608c462378d7e222a9e03b4148d965545f00309123325b7c728b3d1e8b9425cf10ce40b1

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
cb33bbada655a268eb937c912dbd01aa

SHA1
19b412d2704c3941f2285732b139d8989fc22328

SHA256
0c226734dfa37864c1fed7f288ae2d8345ebe91f69399f3d8214f578aba37421

SHA512
4dd4fbe3816c25647ea96404787ec4349002d259a774e80e4c3632c0600c54567e91340cf7d5c1a7efe7dea0cffac498090e91372300d09934aa1cadc509abd1

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
ff992afa1abecef8fcf6caa6388e9b2c

SHA1
92ddf09eef573bd2b5c8361c3b40335e0938f0d7

SHA256
e90798917c511da7a0f0f9bb11ca0ca8256f2118c67c0c8075f03d15a17b68a8

SHA512
cebc42b5c6b064258369fc0ea6513ba56d697e840906153321f14e468c221ebacb1cccba6b151e6625263a1b379199500bef286012be7c35aa284f7b372aef6f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
fe2cd14a4c59da1ba08a4bf488d28564

SHA1
6519558ff58bab3bab2b87367a1428302070d21d

SHA256
1ad2e7a3d9655ece7d803a82aa61e326ccc2a7928af7a2460948f55583c6cbda

SHA512
4657698d6f11c5ac0958e58700635abd179729087a3aef5fdb21ac79e525608029e40183cec78d939c279e3b82fc0bcbe92155ad716e724e27bdfe0ef22c81cb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
72KB

MD5
adc7d072a0237710e95d465985b229fd

SHA1
22ed4a155ca03fd28a39197cbef6e9fa5a0d872a

SHA256
474f96bf66237ae0044d75c18e5b96ffdd02667476de5cd91ed6741611690b60

SHA512
72bece11095be4eec005304291ec3303f958d8eaa7a192e8278d4b33f9d8f2a704b025ef4906b88df086ad313631701b6cfc21da682069799ea6def64b436a39

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-descriptors.new

Filesize
14KB

MD5
7ee4c622ce9e791cc5acde58392bcdc5

SHA1
f1bee53d510a44e563448fd9a10ac7773957aa30

SHA256
a8809efd64fe90e06811c98c2adc33d1e12f0bf39945cf0cc160d2bd841d0bfd

SHA512
09ddd7ed042a0c3d44936f87cde7e8212214b39f228f2ae55d0660a8187374316c91841f8bef10c075dc8c62df6ace4927ad828b3a22c481f5ae3f63c6366b8a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.5MB

MD5
66ea32cbba25fd4f33dd828c90ecdcbe

SHA1
ace27b0a365d996a9ae46950ecf277731ade1f93

SHA256
6a33eefa7b9a2e6106dc1bed349b6a2b08b32219ed30b50d115bd623c0310d84

SHA512
d8d59b5ff01ae451c98b9bdbf00b2e9095f25da0cff51c789629d79c7f4b541bff878bed1a44406122e94e33c31033f91d3eada3b8673a983e73f7415a62e18a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
5.3MB

MD5
7ff60518ba2ffd318275e5c40a54d735

SHA1
dd4a5fab324f1cd9c62a7d9a41480c7f892e0229

SHA256
d94551229f0230f43d42a4cb32812332cae0855d9754a9e03ef0d2669f4aa631

SHA512
3c758ad34afcbc270f6cb99bf85baacf6521402d605c51ca627f83d116cc3c3dd244a3337084de56d6f913996dcb1cda36921cb9f256f82882ae767902f01c19

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
24.7MB

MD5
683d0bdd9fd1ce8abec5d49c75100c9d

SHA1
e6e79d99d5f6c1a7403ad8d65a93369efafc458c

SHA256
b42e76b5837c73bc0fe1f8d6109eed8db4fc41a0c0d7d06884d1a1970df45820

SHA512
88350f0c866ec2e45b46ba0dd501b8853679eba6f0bd6cdb35aa28c435f22784b674003fe24fbb85dfa93e40ac634168f306261c1dd8d787371ef5b39fa88ece

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
690KB

MD5
0b2fae3c680dd4292503d1127918e158

SHA1
3ae591bf2a426f38ae5ada27ad1124ba89639b4b

SHA256
a67ec38faacb85dafa1780ad01133a742716db58bff6d9b1f3ea47e0346d8b61

SHA512
dedc6213d4708821c754301881832b7f84566d56bdbcb2617262893debe916d26dbd45e0011e8186cb8448be2142693ad0a3fdeca9408afbc2b993cc8af93a80

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
71747091d34cc634b9ad3c360b45b0a9

SHA1
111cf483836f6a392f64bc9398a327be1c43dfc8

SHA256
6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf

SHA512
b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
17.5MB

MD5
fd87ac3bc042c8394515dac7f25d486a

SHA1
431e4e515b6a7d4a5d654f1685abc9984f468c89

SHA256
e84cbf9c54b4b99b9e4c987b5461c94b1fc4b9b68434705270f065a64dc351d6

SHA512
c19b97b8a0855a167f4703fbc4fe98bbd44fa3bcdbb6907d876249b1fae8c21396e221113cb5747bf0eba6966e549b11d6aead6567109263e1579f225c09b864

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
784e00a75b5003af81a895f562c5540e

SHA1
44a0835fc56422a742c42c1d9415d2cef189d15c

SHA256
4ec32b5d13b04d8cfa1288ce9c8a2f89010c09892289ba9653dea120a9ef7eda

SHA512
25fdc0e0f8c2e5d4b376bb7a8d5946bc6984f56e6c6514932e1860c9d30594db2a6dbc78a60a3e0aefc40e85e3bef8f2f819cf29dc13bcfbeb53987b0b2228ce

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
143.5MB

MD5
e1145a0fe6631efee7f008080a4b4722

SHA1
fa75a71342b3525a1f34b5f9057363429cdb91a7

SHA256
2f5cfe5ddc985e8d8770849a01ec7c1f43c2b9759fd50ad7f21a51cd7ce3a342

SHA512
6df50c8d6752131dc52eb2e631e07d68e42263b38e7d27a05f5231a6f7d71898e3c7a35f61f37bb78741158d8a5e00fc558e046d41297b5a95abc0a8bb2b12fb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
710B

MD5
461ffac4f950dd2006d2130d058af832

SHA1
bee3e8b76066d5c43465c176e8448f2c594c6771

SHA256
d4d130cf428d5b2d507c1bd58a7485ba75981c2ebbd31bbd7bc3b64aa3c675c3

SHA512
87bd56a9d729ea4ae2b1c89e4fb040d80abf617c6c0bd60a107d57adf71e682f83324673ffcfc6901bff54fbde6416f6b1fad14abc3543e1a6fe426f2e41115b

Download Submit
\Users\Admin\AppData\Local\Temp\nsg2FAA.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
\Users\Admin\AppData\Local\Temp\nsg2FAA.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
\Users\Admin\AppData\Local\Temp\nsg2FAA.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
65aa9b0f57d72e4d70e9226322221adc

SHA1
85fec174d0977afd8c0100c9d9b53c958e1949bf

SHA256
51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410

SHA512
f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
726abf1280adf3129481b94b2bc644c4

SHA1
404f69e71296f2d199535e8a6d9fb56707fcbc5f

SHA256
8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a

SHA512
160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
3e4d1ec1d2a6e85593459601b5a0a828

SHA1
92ee422285282dcb170cbc7808299d14d8d27963

SHA256
eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5

SHA512
4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

Download Submit
\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe

Filesize
99.7MB

MD5
756994cbc174b3e69dcb4377e8a7b3c2

SHA1
2fb14aceba0c8df3478aaf8c039d76c6abe3ac36

SHA256
8738a94ae5290d577f3aa700e918239a4bcdbe91d41d201434dc93620617997b

SHA512
a870822e4268b04f1fa8b937e1b1be29286df4492173e2fe5f21d4bff1aa69ba8f8e50670a40b5a372ff2bf23a1881ae9417fc36c20c03bcb9166afd64c22a17

Download Submit
memory/1904-880-0x000007FEF7830000-0x000007FEF783D000-memory.dmp

Filesize
52KB

Download
memory/1904-923-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1904-704-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1904-705-0x000007FEF7840000-0x000007FEF784F000-memory.dmp

Filesize
60KB

Download
memory/1904-878-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download