hxxp://google[.]com

Analysis

max time kernel
2035s
max time network
2041s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2024 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

7^/10

evasion trojan

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 55 IoCs

pid	Process
1044	firefox.exe
3648	firefox.exe
520	firefox.exe
5156	firefox.exe
5608	firefox.exe
5580	tor.exe
5724	firefox.exe
5172	firefox.exe
5592	firefox.exe
3924	firefox.exe
5224	firefox.exe
3400	firefox.exe
2772	firefox.exe
372	firefox.exe
5748	firefox.exe
4428	firefox.exe
6096	firefox.exe
5684	firefox.exe
6012	firefox.exe
5276	firefox.exe
3908	firefox.exe
1160	firefox.exe
1056	firefox.exe
5216	firefox.exe
6060	firefox.exe
4352	firefox.exe
4468	firefox.exe
2772	firefox.exe
5088	firefox.exe
676	firefox.exe
1576	firefox.exe
2584	firefox.exe
2712	firefox.exe
2080	firefox.exe
1556	firefox.exe
924	firefox.exe
2924	firefox.exe
2672	firefox.exe
6040	firefox.exe
1708	firefox.exe
4252	firefox.exe
372	firefox.exe
5732	firefox.exe
3952	firefox.exe
5408	firefox.exe
5072	firefox.exe
3908	firefox.exe
2876	firefox.exe
5996	firefox.exe
5328	firefox.exe
5528	firefox.exe
3288	firefox.exe
2956	firefox.exe
6060	firefox.exe
3436	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
216	tor-browser-windows-x86_64-portable-13.0.14.exe
216	tor-browser-windows-x86_64-portable-13.0.14.exe
216	tor-browser-windows-x86_64-portable-13.0.14.exe
1044	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe
5156	firefox.exe
5156	firefox.exe
5156	firefox.exe
5156	firefox.exe
5608	firefox.exe
5608	firefox.exe
5608	firefox.exe
5608	firefox.exe
5724	firefox.exe
5724	firefox.exe
5724	firefox.exe
5724	firefox.exe
5156	firefox.exe
5156	firefox.exe
5608	firefox.exe
5608	firefox.exe
5172	firefox.exe
5172	firefox.exe
5172	firefox.exe
5172	firefox.exe
5172	firefox.exe
5172	firefox.exe
5724	firefox.exe
5724	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
5592	firefox.exe
5592	firefox.exe
5592	firefox.exe
5592	firefox.exe
5224	firefox.exe
5224	firefox.exe
5224	firefox.exe
5224	firefox.exe
3924	firefox.exe
3924	firefox.exe
5224	firefox.exe
5224	firefox.exe
5592	firefox.exe
5592	firefox.exe
3400	firefox.exe
3400	firefox.exe
3400	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{7DFB9AC0-2935-4741-9AA4-ED11C9F9D086}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.0.14.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3648	firefox.exe
Token: SeDebugPrivilege	3648	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 1044	216	tor-browser-windows-x86_64-portable-13.0.14.exe	127
PID 216 wrote to memory of 1044	216	tor-browser-windows-x86_64-portable-13.0.14.exe	127
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 1044 wrote to memory of 3648	1044	firefox.exe	128
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 520	3648	firefox.exe	129
PID 3648 wrote to memory of 5156	3648	firefox.exe	130
PID 3648 wrote to memory of 5156	3648	firefox.exe	130
PID 3648 wrote to memory of 5156	3648	firefox.exe	130
PID 3648 wrote to memory of 5156	3648	firefox.exe	130
PID 3648 wrote to memory of 5156	3648	firefox.exe	130
PID 3648 wrote to memory of 5156	3648	firefox.exe	130
PID 3648 wrote to memory of 5156	3648	firefox.exe	130
PID 3648 wrote to memory of 5156	3648	firefox.exe	130

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4796 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5284 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5380 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5600 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5520 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5556 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5472 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:2148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6116 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6056 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6588 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6064 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5472 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5644 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
- Modifies registry class
PID:2832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=5444 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=6476 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:2148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=6100 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6188 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6120 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
1⤵
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=6492 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7592 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8068 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:1536

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe
"C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:216
- C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1044
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3648
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.0.625688139\1593023210" -parentBuildID 20240416150000 -prefsHandle 2396 -prefMapHandle 2436 -prefsLen 19248 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7a7795bf-6d4b-4a97-b6d1-deac079f0b02} 3648 gpu
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:520
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.1.602417808\1906845615" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2700 -prefsLen 19978 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7af0a761-c85a-4088-a421-a8f1b0da4eb9} 3648 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5156
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:9a7a8c0b00ec84176035e0f23ac5610cefdc0ab02b5b3ce2bff77e1666 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 3648 DisableNetwork 1
      4⤵
      Executes dropped EXE
      PID:5580
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.2.1260925275\122432806" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 20899 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {54a8989c-3d3a-4723-a6d2-66d171f76cef} 3648 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5608
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.3.941764901\1872632281" -childID 3 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 20976 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1ce805f1-7e46-4a4d-8afe-e775008bb8ac} 3648 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5724
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.4.825891738\999636623" -parentBuildID 20240416150000 -prefsHandle 3756 -prefMapHandle 3924 -prefsLen 22151 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {777879f7-3c13-4526-9de4-e40130abf447} 3648 rdd
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5172
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.5.912533270\1660948025" -childID 4 -isForBrowser -prefsHandle 3788 -prefMapHandle 2072 -prefsLen 21021 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8bdcc124-0ca3-4040-85c9-d6368a9ef773} 3648 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5592
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.6.446664466\796628504" -childID 5 -isForBrowser -prefsHandle 3344 -prefMapHandle 3372 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {529f2872-2613-4a2f-bd9b-e9e9e190e12e} 3648 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3924
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.7.1740678640\2146249676" -childID 6 -isForBrowser -prefsHandle 4412 -prefMapHandle 4416 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5fea8e23-9104-4cf2-99c7-1b638414dd5a} 3648 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5224
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.8.77361078\1608892846" -childID 7 -isForBrowser -prefsHandle 2920 -prefMapHandle 1728 -prefsLen 22966 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8e972bc8-3047-420d-965f-087edc9e8333} 3648 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3400
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.9.1093051874\362116371" -childID 8 -isForBrowser -prefsHandle 1784 -prefMapHandle 4780 -prefsLen 23120 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bf21de05-5751-46b4-94b3-aa73209a6bf8} 3648 tab
      4⤵
      Executes dropped EXE
      PID:2772
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.10.1419658384\1191024043" -childID 9 -isForBrowser -prefsHandle 4768 -prefMapHandle 2668 -prefsLen 23120 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8279ecf5-4ba2-4fdb-81dc-e931bb1be6c3} 3648 tab
      4⤵
      Executes dropped EXE
      PID:372
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.11.890427130\1369399030" -childID 10 -isForBrowser -prefsHandle 4224 -prefMapHandle 2876 -prefsLen 23120 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d86bbef1-e5cf-4bad-a164-66c0aa31a61d} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5748
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.12.2103833121\1460730599" -childID 11 -isForBrowser -prefsHandle 4400 -prefMapHandle 4576 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c8ba385d-35b5-4b2c-9a9f-e78a8f8fe658} 3648 tab
      4⤵
      Executes dropped EXE
      PID:4428
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.13.1686326376\1547647416" -childID 12 -isForBrowser -prefsHandle 1492 -prefMapHandle 3312 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {46690d53-e9e0-47a4-a785-f294cfbb03a8} 3648 tab
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:6096
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.14.1435167338\1797489749" -childID 13 -isForBrowser -prefsHandle 4296 -prefMapHandle 4364 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b3a493f1-6929-471c-ba84-7e181939868f} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5684
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.15.1920715928\84662496" -childID 14 -isForBrowser -prefsHandle 1872 -prefMapHandle 5100 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0f4c1111-cc24-4461-856a-cc49dbcac2e2} 3648 tab
      4⤵
      Executes dropped EXE
      PID:6012
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.16.409818203\1350343240" -childID 15 -isForBrowser -prefsHandle 4808 -prefMapHandle 3568 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {18eacecb-38b3-4e76-8afe-6c9d5337400a} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5276
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.17.830152272\1874751364" -childID 16 -isForBrowser -prefsHandle 4956 -prefMapHandle 5088 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a627be90-cc74-4201-ad7e-d70d4cc23d80} 3648 tab
      4⤵
      Executes dropped EXE
      PID:3908
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.18.1746171599\420387799" -childID 17 -isForBrowser -prefsHandle 4792 -prefMapHandle 512 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b00a1c47-5ce7-4562-873c-e238b1f6782b} 3648 tab
      4⤵
      Executes dropped EXE
      PID:1160
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.19.1597324422\1759835653" -childID 18 -isForBrowser -prefsHandle 5024 -prefMapHandle 4408 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d80dc2ef-2dae-456b-8b06-b2fb09edfd14} 3648 tab
      4⤵
      Executes dropped EXE
      PID:1056
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.20.2130599137\1169896129" -childID 19 -isForBrowser -prefsHandle 3340 -prefMapHandle 4620 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b7c78dc4-99d8-4cba-ae05-8845eb0a12bd} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5216
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.21.1244061007\220177701" -childID 20 -isForBrowser -prefsHandle 3276 -prefMapHandle 4448 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8b30f58c-504b-4378-8620-1519765bea2d} 3648 tab
      4⤵
      Executes dropped EXE
      PID:6060
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.22.2128506721\1011367096" -childID 21 -isForBrowser -prefsHandle 5100 -prefMapHandle 3368 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3b892162-6655-43ca-a1aa-36250527351f} 3648 tab
      4⤵
      Executes dropped EXE
      PID:4352
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.23.249423402\1049834782" -childID 22 -isForBrowser -prefsHandle 1808 -prefMapHandle 4876 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0307d932-2418-410d-a3ab-c80edaed853a} 3648 tab
      4⤵
      Executes dropped EXE
      PID:4468
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.24.152388875\1590445438" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4668 -prefMapHandle 4352 -prefsLen 25237 -prefMapSize 243660 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {80ff2d84-7628-4d4b-af9f-509f64eb5556} 3648 utility
      4⤵
      Executes dropped EXE
      PID:2772
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.25.517276600\442778539" -childID 23 -isForBrowser -prefsHandle 5540 -prefMapHandle 5548 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {57cf5906-6e3d-4d68-bbec-5b5a32f6902e} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5088
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.26.198108177\1850636934" -childID 24 -isForBrowser -prefsHandle 5688 -prefMapHandle 5692 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1f34273a-f1ae-4171-9a56-a41a6071c15f} 3648 tab
      4⤵
      Executes dropped EXE
      PID:676
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.27.517310348\461930867" -childID 25 -isForBrowser -prefsHandle 2212 -prefMapHandle 3940 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5d07cdd8-08e0-4990-b6ca-73e712cb53c0} 3648 tab
      4⤵
      Executes dropped EXE
      PID:2584
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.28.1431319260\685520003" -childID 26 -isForBrowser -prefsHandle 6252 -prefMapHandle 6248 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f9bff819-2e3b-4c2a-962e-885e21ec7302} 3648 tab
      4⤵
      Executes dropped EXE
      PID:1576
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.29.1302559073\1803515605" -childID 27 -isForBrowser -prefsHandle 3788 -prefMapHandle 512 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fa8c399c-fa81-46d7-a196-9a11faff668e} 3648 tab
      4⤵
      Executes dropped EXE
      PID:2712
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.30.1458312524\608050219" -childID 28 -isForBrowser -prefsHandle 5596 -prefMapHandle 4824 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {9915b416-587a-44b1-8762-bf6d205be22a} 3648 tab
      4⤵
      Executes dropped EXE
      PID:2080
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.31.2045948464\693635843" -childID 29 -isForBrowser -prefsHandle 5968 -prefMapHandle 5956 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3c4bfe43-d32f-4a7c-81aa-48f05d5963d8} 3648 tab
      4⤵
      Executes dropped EXE
      PID:1556
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.32.1985952469\790338651" -childID 30 -isForBrowser -prefsHandle 5660 -prefMapHandle 5612 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1b4e766d-b761-424b-b684-b5ff0b0848f1} 3648 tab
      4⤵
      Executes dropped EXE
      PID:924
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.33.1252389856\1415451413" -childID 31 -isForBrowser -prefsHandle 6360 -prefMapHandle 4600 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cbb5efa1-543e-4e70-889f-f28fc6b21104} 3648 tab
      4⤵
      Executes dropped EXE
      PID:2924
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.34.1732113184\1825957087" -childID 32 -isForBrowser -prefsHandle 6684 -prefMapHandle 6680 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {83a9e023-ed2e-4ebe-9a08-59151586dc5d} 3648 tab
      4⤵
      Executes dropped EXE
      PID:2672
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.35.125124708\657462142" -childID 33 -isForBrowser -prefsHandle 6288 -prefMapHandle 6304 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d22b228e-5703-4f39-9b7a-9ae7c667a5d2} 3648 tab
      4⤵
      Executes dropped EXE
      PID:6040
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.36.1340597291\963244942" -childID 34 -isForBrowser -prefsHandle 5364 -prefMapHandle 5628 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3fbbc41c-cfeb-4b2b-b378-f9bd20abf42c} 3648 tab
      4⤵
      Executes dropped EXE
      PID:1708
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.37.609706172\970217930" -childID 35 -isForBrowser -prefsHandle 932 -prefMapHandle 6356 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e6d54935-547e-4552-90a9-1819727ff797} 3648 tab
      4⤵
      Executes dropped EXE
      PID:4252
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.38.1802878778\675714430" -childID 36 -isForBrowser -prefsHandle 4892 -prefMapHandle 5212 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {aa4a58df-76fd-46a4-91d3-5c923c0d719b} 3648 tab
      4⤵
      Executes dropped EXE
      PID:372
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.39.703269135\2115646536" -childID 37 -isForBrowser -prefsHandle 6216 -prefMapHandle 3148 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bd5ed688-c552-43bb-917c-3a3eab7473cd} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5732
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.40.1201266646\1387906808" -childID 38 -isForBrowser -prefsHandle 5860 -prefMapHandle 6888 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {534cea89-6735-45f9-8827-e86c3c74e883} 3648 tab
      4⤵
      Executes dropped EXE
      PID:3952
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.41.1143097752\1089031139" -childID 39 -isForBrowser -prefsHandle 6216 -prefMapHandle 6092 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4ba7a16b-7d73-4b4c-acfc-2e58a76d3776} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5408
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.42.656959159\558596407" -childID 40 -isForBrowser -prefsHandle 5848 -prefMapHandle 4420 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {845aaf3a-2c18-4e07-a183-ca54746d7d40} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5072
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.43.871429558\2078703668" -childID 41 -isForBrowser -prefsHandle 5004 -prefMapHandle 4488 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a228aaca-80cd-4cda-96c7-cf0f09cb7d6c} 3648 tab
      4⤵
      Executes dropped EXE
      PID:3908
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.44.1901939441\1273322078" -childID 42 -isForBrowser -prefsHandle 5740 -prefMapHandle 5988 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {885fa3a1-8e4c-479d-bfcf-ed77910c5b31} 3648 tab
      4⤵
      Executes dropped EXE
      PID:2876
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.45.551986100\1179261459" -childID 43 -isForBrowser -prefsHandle 6812 -prefMapHandle 3028 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b908e585-dc5a-4722-b58f-b189890c31ad} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5996
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.46.174827050\2142363683" -childID 44 -isForBrowser -prefsHandle 4916 -prefMapHandle 3244 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f1b0d670-2432-4de2-a325-f338835ba680} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5328
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.47.366846034\1412875432" -childID 45 -isForBrowser -prefsHandle 6860 -prefMapHandle 5596 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c037d2d1-e975-4999-bbea-b187d042ef26} 3648 tab
      4⤵
      Executes dropped EXE
      PID:5528
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.48.760696869\873596327" -childID 46 -isForBrowser -prefsHandle 5148 -prefMapHandle 4572 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {dcffe16f-0aea-48ba-adea-5f04943403be} 3648 tab
      4⤵
      Executes dropped EXE
      PID:3288
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.49.1139876138\1737812229" -childID 47 -isForBrowser -prefsHandle 5492 -prefMapHandle 5952 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {45b339fe-018b-40b2-8ed8-f6688363ca51} 3648 tab
      4⤵
      Executes dropped EXE
      PID:2956
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.50.1913448808\517444409" -childID 48 -isForBrowser -prefsHandle 6100 -prefMapHandle 5148 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {08ae3811-b8fc-41e1-a794-8371b48ee863} 3648 tab
      4⤵
      Executes dropped EXE
      PID:6060
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3648.51.1315125311\1639398226" -childID 49 -isForBrowser -prefsHandle 4904 -prefMapHandle 4680 -prefsLen 23244 -prefMapSize 243660 -jsInitHandle 928 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ca7d3dba-bd5f-4657-8d88-d9ebf3402973} 3648 tab
      4⤵
      Executes dropped EXE
      PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1392 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:5212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nssA3A0.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssA3A0.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssA3A0.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json.tmp

Filesize
27KB

MD5
8112885922ef6b8494e35123e45d152d

SHA1
b06bc0ea7cc5a8215e944c32e834daa1990d9034

SHA256
3485ee37685b957e5d5ecf9030621df2d0e17558c8da049f0418d2cb203d9988

SHA512
0ef5b90b3bff4fa0a3fa8d37b5f433e392743607deb2da3f8316a5aaff2e73a9551b77af6c1ea8fef8413c92b21c0637f7381a54bc3c81bcf6fccc83c84df96a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
f75bbc7738e4ee936f8c2138ebe46061

SHA1
05dc0362ff6a31a957f529ab3beea51044a653a8

SHA256
beda99b0f6a2ae947df3fabe8c73b1763d885fefa2b3cd2191742e0732a3b58b

SHA512
ecc277e29f09ab2bfb37a2132d64e54ddda6b0ba22475dd607acd333e60940f2a8c7802e93cdbe08ce47027e8f8e40f36d8bb694901090341c102389f57430cd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
40b0e0ea815df056e696c94167bd12d6

SHA1
6745630751b96f2c527ced72ac4d1317b322264f

SHA256
0dee2ce12ef9fda14a6ddd0d348ad0a25c3420c3c8d8d95ab7f5e6619bbb8000

SHA512
87955d9c0a63a6ebe2d460ba10add0c16f94fbf4a80297d33b4ff57647cd0b1e876cd6caf900c8c33bb1512529b123e3bf2f45d165c7ab9df0b07202742506d5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
868B

MD5
42d3bd975cd9fe48744540db511da23a

SHA1
a46eb99dc34a655971cd71c3f222ffce35fecef4

SHA256
7005abd79d0cb566dfb53de45882a512ea2bdfbd239d64c4dd248fba4d7cfccd

SHA512
944d7a65e0a1632e18ca2caac635cf653031fb3d3ddf8638eaeed6cdefd92b54b6bb36e330cdc8274f9d0d25d1ef7bd4f6d1e5dee149c04bb567b8cbd44a5a00

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
f6cf4ae5dc2f50650bdd0287aaddf1fa

SHA1
8f2a61b550bbd54e1422d2d09e93b7a0b58a1f5e

SHA256
c9aed5f239f50103d81d364b92ec8f778267ce0d27f0bd184bf8df482e17fc09

SHA512
039b496523bacefe0416e388b7008760e7b7879d1ba16adb379eaef1b1ce7eb2ace5dc5e3afb54ab76c88d3639b4bb10b8e2847fe00d3dcb3c6bf56566174f7c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
72KB

MD5
3a7629a8aa8fcdd498c42d5769c1ae21

SHA1
7e8fbd969be31b7deb1b738405166d77dbe9b474

SHA256
3668591c1d55828dc845b3d34d7c83cb6b4f65108f08173494113bf66009424e

SHA512
e519dad45d829ad186aee714a194185082598a0e8c04a348b13ed0f5abf87c96d7ecc72acae6b1cab772ee67f4d93e3eb84ea4f2592b008dc4bb080c45fbf3c8

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.5MB

MD5
ca6e1c74c89bef6f795085725825865b

SHA1
8b1bb07c749e7bf7a78bffde6a7a6ebf503f5f30

SHA256
e79c8cdf118344e5976323de7c26049fe69eea74e9c4a4d527eb8406c8e8eae6

SHA512
bf4e733d0bfd52dc2e1f24296c883ec3822f6e6bde382b3ea4ade42bdc48d59c4852dc64c96907d32d2b2b5c7547b3709e2b381e09ddc28bb02fd7638aa4b0db

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
7.2MB

MD5
a1a45b48a0ce71e7be09e464e8e0c866

SHA1
aaa7e8f36f1eca85049589cf75498e70f8574dbb

SHA256
1cd120e6f37f43df6dce18b2fd2cf6d2d8acc559461061801a95975dfa9b8c90

SHA512
ee8ad08d3db2abc93527e84dcca6e8ad1c4d7196ac3dc11b1e42e60f2fc6bae2e90a6d4b879708893554b3d2c2df01213ddc8d9f6eb3ee82dc227423b4cd44e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
24.7MB

MD5
683d0bdd9fd1ce8abec5d49c75100c9d

SHA1
e6e79d99d5f6c1a7403ad8d65a93369efafc458c

SHA256
b42e76b5837c73bc0fe1f8d6109eed8db4fc41a0c0d7d06884d1a1970df45820

SHA512
88350f0c866ec2e45b46ba0dd501b8853679eba6f0bd6cdb35aa28c435f22784b674003fe24fbb85dfa93e40ac634168f306261c1dd8d787371ef5b39fa88ece

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
65aa9b0f57d72e4d70e9226322221adc

SHA1
85fec174d0977afd8c0100c9d9b53c958e1949bf

SHA256
51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410

SHA512
f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
297B

MD5
793eae5fb25086c0e169081b6034a053

SHA1
3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

SHA256
14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

SHA512
5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
225KB

MD5
27dfbbe8ee4015763e3c51d73474e94a

SHA1
4328cdc9a3f9c6b7df0624c81afbd3459f213e40

SHA256
b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e

SHA512
42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

Filesize
589KB

MD5
e782457ebb0389715abdf5a9e20b3234

SHA1
e0d9ad78d1972d056d015452ed8dee529e8bb24b

SHA256
0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461

SHA512
3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

Filesize
91KB

MD5
ac01114123630edca1bd86dc859c65e7

SHA1
f7e68b5f5e52814121077d40a845a90214b29d41

SHA256
1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

SHA512
1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

Filesize
128KB

MD5
12764d72c2cee67144991a62e8e0d1c5

SHA1
f61be58fea99ad23ef720fbc189673a6e3fd6a64

SHA256
194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d

SHA512
fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

Filesize
224KB

MD5
f0b22427c3ddce97435c84ce50239878

SHA1
a4a61de819c79dc743df4c5b152382f7e2e7168d

SHA256
0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084

SHA512
ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

Filesize
7KB

MD5
778376d22591a4a98bf83ac555ddf413

SHA1
608172ca18450b4cc61ff6cc155f66cff55c5bf9

SHA256
8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53

SHA512
e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

Filesize
21KB

MD5
9390ee64243e5335b79e33e5e8311341

SHA1
c8d4b3ab79f6b12311eb4e4da29e709e583b5870

SHA256
cff9f0e51e7f1d95934cac31d9ad43ba453ee308c7b46a27803dc7e2e6c3adef

SHA512
ad7b23dab247c5c71298c5023bc58bd1d00160145558d86ab75dd37de1f1017540bac544cd9bf1cb2802d19d2973c0cf189d05a980777de886ffb552ae923bc0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

Filesize
198KB

MD5
7b5138efef2c02dda9cfae9917cd913f

SHA1
b44b58f354c4a68e119df226f01ad763b2d1025c

SHA256
9f8b4dd091f19b111d24ea18daae81bea8684cc67de17ea1acd797e144bf20ba

SHA512
47e4cfd2218c91080fc4ccc3ac13dabe9efb7c96b981d53577177fb062973b9fad0052edcf2b0c663ff3b7a1d9e38e96586c93cb72618d64344b96e3df13204c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

Filesize
7KB

MD5
bd4c30081a164037311e8712423c5bf2

SHA1
2a13bc7987ca34644b075c1fe197ba293b4ca527

SHA256
bc19f17d7f6e8f280c2cc95ef6d1b67fac25becfe98722f482039a4d84f3c9ba

SHA512
2a20d113b73cbca311d08dba40dcb7f8ab9d5383f7590b61b785070f77204db9ab163557a420c6c96ede815643f82ffdf75bc59b5802284779ff237616734c66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf

Filesize
5KB

MD5
34699ac8824cdb6593b4dbef605dd6b2

SHA1
22ff82e35cbb1ac9053f767f404ee351786fe0c2

SHA256
328d80e11e7f65f9b6e4bac12de32b7ce42154301c2a14ba92155e32e05939d6

SHA512
fe714d5d44c6c2f4f96b4349bff301a67749bcb084ade3a0270723f1fa6bd6061193c4d782cb663d63e2c32cc809f33a8114e2e0bc6915de2b04efc82b5de673

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCanadianAboriginal-Regular.ttf

Filesize
111KB

MD5
fc6ec655d6a00c567119522854e24172

SHA1
b72baef2dc0aca98cf7d3458cc027f4b0622db08

SHA256
0d188756c9c282bf31738af5373f2363cc8007bbbc8d5560fae5821ed4937611

SHA512
0a0eb23751b5df39becbbb308b6b36e324ea6ec469d2167a795cc10fb3bc38cb7b3187a3a63566e280470b09a080c000280e3b9a01681a68f8a3f35c7a2f139a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansChakma-Regular.ttf

Filesize
80KB

MD5
82f2c632a76dc9922cd85630d0c97db9

SHA1
4558e69543903a058b3d5a7b8f50a6dea8ea50f9

SHA256
60ce1d029e35b432dd68cc9f6c94f69bd84d8c97f28f06130186606dd2c3325d

SHA512
cbfe37179fa4bd8618eade5e5168dcfab9d784586319014692bcfc7f767187e4beee24b3afb471abdd9adde747eaf51648926ed1a790e9f8458152c283fb34e0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCham-Regular.ttf

Filesize
31KB

MD5
bf95af30d1db0fdb374cf646dc81b461

SHA1
6bf52ccaba21c23a9b461af8cfb7574bad6bee3e

SHA256
74cbbe944f25c64f0fd2f158716a648b970e3df714f8ca2644d56f65f5eeee4e

SHA512
52c5fc608d9e771cffc6de8ffcb953240cd445e77c4d65582dba198eec33c247891bed32de7b88c22f177e07c094716210623d1381c4cbb68fc5ad048cc24e3b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCherokee-Regular.ttf

Filesize
92KB

MD5
fd393a7c5b16eba60e38b72b5fa3a2dd

SHA1
d074eb1baea8caf869ba6aba69b9cc9b2fc4568f

SHA256
c052352137ae8d283840a0e2991a675d47859d8fdbae5726d373d4f0d97a8c87

SHA512
30d5c5f5069580186ded817621ad2c6eca338216680c288b249972d420f009fe94f77ef44b106355223a80ade7f9d851a6e6fe6417d2bbbb35b9f0182a1c9180

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCoptic-Regular.ttf

Filesize
47KB

MD5
bc7e07463581535f8cf124dbfda9bb5f

SHA1
4d59c125be1263685c909b8f1b202194a0087e70

SHA256
e3d5915c74797a084d8525cc5fb8da08d0c1256b7ea75f6687fee3f28d2c58df

SHA512
ccf8477dfc771c00a5a0e3b3cc0bbce06291679f077f24858b1547de4ac21fd21805c1a1ef6ae8a0215b8b956562a349ee32a956ca5750ff8923c6c19335474a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansDeseret-Regular.ttf

Filesize
19KB

MD5
c0d20faa4acd8b886197e897a6ddc7d4

SHA1
64355303ac0b639f0135bb51325b8aee780b11e4

SHA256
9f384e8a75a059b8efcbead73ef5aa3b504ac3e9d218be5368a20b19bfccdeec

SHA512
c7062651d7fdaae6168f65887f1a6d07b95b721efbe3d756f5a1fad58641f2b5fd1a3d732ae4225ee3228454ed1982c7258be70abb41ab9d8ed867915337192f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansDevanagari-Regular.ttf

Filesize
229KB

MD5
2358cc51bd1271c89f2c173e684876fa

SHA1
7c30d7317d34ce0503bfd3b24900bd0fa4c6a69b

SHA256
dc0eb899c5852c819bfb30482e6f2ee1e44a4c8cd28f6622a2d4561bf1e3e444

SHA512
873696739807520826aa7c6b825701dc36786d020902eedb6ec7438d9aee71efcf1c6dbedf7bd4dea7604de73e1506f66961f7b5f5c80b7a9e71c73bb3aab264

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansElbasan-Regular.ttf

Filesize
18KB

MD5
1c7297bc694bdb5baba7c1d39f333c63

SHA1
4de6449e4f8d315c91109a741ced09b86c3302c9

SHA256
6d52707e91a77e23f389f42b5da65d7047205e7833041fe0b2cd7ff280e14749

SHA512
91ba1203c4057c930ef08470395c91b03c2618f5decb9bbedd9b37f858a29c63e537c658bcae73fc32fa7e9e11911bba6d0fc540b16e180936c8082ef00f15ca

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansEthiopic-Regular.ttf

Filesize
367KB

MD5
de7cf6c6fa2fbc854dcf6d2e2716f1d1

SHA1
f07c1412adb1cc2d742546a25eb66ba63ee3c840

SHA256
f6f7fc379db9438959a2b0527e7a2cf36ea9c84626d56ec444fff37fc24c3c10

SHA512
ee98dc59d2fe843fbcad6eb2009ef865016478ef655dd2f873b4bc45c4e67908aac4b776c5846514d3f80aa4843d1426b797f2c385e7d3ce814d7d96386049b2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGeorgian-Regular.ttf

Filesize
51KB

MD5
61f5441fdfe5be8a1b933ef1ef674ec4

SHA1
07a3c3cbd0f7d2cfef5e74e1c28d5b2ccbca35eb

SHA256
a14c27d89ef15d7855dcf03c6524cd2d98ce7d4374dcd7643b7d07d7ba0f13a5

SHA512
2dc8136cb7f4bb57ae2c7bab7b775c317f6f46e76eeeca93bbb0d9edcde3f35e9420601bf3d6e1043511d02d7447e2b64214a89f02f5b32e30ee347236bfcd78

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGrantha-Regular.ttf

Filesize
350KB

MD5
a3d0e9dded672781968f021d6f869ae5

SHA1
98af88c343c9b761b0a0b03859fcb1ace7851a40

SHA256
98a079a902bcd5f298cdcf59eeb21bbc8565b4f361e75faba300aac376b842cf

SHA512
e60d5ceb0b82dcb1f58969487a3075bed673881219c082ee78e6102c4cf17122e8537c8b6e58d2f9b8097b5a1902711b743e9e4cbc455dcf3dbb4bac796d8b28

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGujarati-Regular.ttf

Filesize
201KB

MD5
3853291b52d0b987d15b3595bd792584

SHA1
e7fbec665568bc358510f56c7f610c0b7cc1e9a5

SHA256
c92e0697dc2d2cae1db5a447bd0bb8a690dfdbacbe618841b21cbfc2f483242e

SHA512
0a44cc5cfde9b74da17f81c432f487bc1276c0ad29b01a9d61e535f690b785dec0cba7f2ed828a1b8381050714ebd6309721bdd7b80e6a1ad9b0e9e0af966581

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGunjalaGondi-Regular.ttf

Filesize
68KB

MD5
0f130a6dc9daa7af30009644d0205215

SHA1
c01f161467bb12e9d67c9799662fa64bf28c5b69

SHA256
bdc8ed1739118d7c1be43cb5b435817fb7a5ae0acb32c89b2ddd66e7e9c2d1b3

SHA512
cde4e0cc97cfd3d3c12e9ef837cbbc85c54c5ec72ba354a3cbe8f4ad6a1bc03690066a53bec3c15ae3ef493f419a6b110fd0770cca9ea4b007289ac176d73931

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGurmukhi-Regular.ttf

Filesize
53KB

MD5
c7c77c60cb0c224fdb2f031f68c57c83

SHA1
a712f0d05be0cb5f4ff078df580bbfc8ae9d852f

SHA256
658d0207da305a1411c539a8b0bbeda64d4146e54fb4827facddb890b6b90d74

SHA512
bf2aedc9aeffbdb1e9b2d8e0664dbd001bbbd164ae3ebdb3b8d71b4878460026853edffd67fa8c5970fc296863b5f4cb74430f591d6540d3a641b49d32f4d46d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansHanifiRohingya-Regular.ttf

Filesize
26KB

MD5
e94c7a07b9b1ca1bb14ca57878cca94a

SHA1
5ea22b87920e0f5f5f72d5e1ed59c2b5c823b94e

SHA256
ce453eaf8807a9a410cdc2ebeb7ae009e90b9e611342ac239aa59b794bdcefdb

SHA512
e36ca8e8776010a95565fa8eb95f39aca73011e832d2c12a67455fc5e398dff305977c3bcea55fa9fac9028f6824111f0a9d401117e048c58b1403daa453814f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansHanunoo-Regular.ttf

Filesize
7KB

MD5
250641d775a2a75290157b7172edc427

SHA1
9f36a194d750b7f44971227b6e27d1e973e321a0

SHA256
ef23d153e9d666becc0d79fa88f0ae21f46138f1285b8eac304661ab35717aed

SHA512
5ead3be49d35b00b4c5f21745da2d010f497e95a12f41bfcc9aa9c3030fdcf909712d76c6500f76222aa0b4abd396f9802d40324fcef63dd811eeb01fffb5641

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
690KB

MD5
0b2fae3c680dd4292503d1127918e158

SHA1
3ae591bf2a426f38ae5ada27ad1124ba89639b4b

SHA256
a67ec38faacb85dafa1780ad01133a742716db58bff6d9b1f3ea47e0346d8b61

SHA512
dedc6213d4708821c754301881832b7f84566d56bdbcb2617262893debe916d26dbd45e0011e8186cb8448be2142693ad0a3fdeca9408afbc2b993cc8af93a80

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
726abf1280adf3129481b94b2bc644c4

SHA1
404f69e71296f2d199535e8a6d9fb56707fcbc5f

SHA256
8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a

SHA512
160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
3e4d1ec1d2a6e85593459601b5a0a828

SHA1
92ee422285282dcb170cbc7808299d14d8d27963

SHA256
eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5

SHA512
4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
71747091d34cc634b9ad3c360b45b0a9

SHA1
111cf483836f6a392f64bc9398a327be1c43dfc8

SHA256
6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf

SHA512
b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
e1468699efbbd224fcb58707d369985e

SHA1
9a94d87a32cc8a549ce8d7843a3dfa26df350c78

SHA256
5592ed7ea60bcbb38d655619f9db96fe64507f2c7d9ac3e6baddc63b5450c9ca

SHA512
2220000dd37bf7a2891101c2641425e92203805a4f4c9ad82ed70b2af307bd82e0ac1ee8444eebe7063db7482b4a8e065b02a516d87d892549f848312fa6c954

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
17.5MB

MD5
fd87ac3bc042c8394515dac7f25d486a

SHA1
431e4e515b6a7d4a5d654f1685abc9984f468c89

SHA256
e84cbf9c54b4b99b9e4c987b5461c94b1fc4b9b68434705270f065a64dc351d6

SHA512
c19b97b8a0855a167f4703fbc4fe98bbd44fa3bcdbb6907d876249b1fae8c21396e221113cb5747bf0eba6966e549b11d6aead6567109263e1579f225c09b864

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
784e00a75b5003af81a895f562c5540e

SHA1
44a0835fc56422a742c42c1d9415d2cef189d15c

SHA256
4ec32b5d13b04d8cfa1288ce9c8a2f89010c09892289ba9653dea120a9ef7eda

SHA512
25fdc0e0f8c2e5d4b376bb7a8d5946bc6984f56e6c6514932e1860c9d30594db2a6dbc78a60a3e0aefc40e85e3bef8f2f819cf29dc13bcfbeb53987b0b2228ce

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
829B

MD5
9abca5e3734969278564e8637b74b010

SHA1
9195cbc2b46654b059bb9c72acf6c85a283d0949

SHA256
e50d851fce5acca999684181eb922d1e9de1c7cfd85902d2f8d195ccb93da7b5

SHA512
627e59849b832074823461fd16e068b036c8f6f7853e9895f3779f7466d0be0aeb764175984fcb8a3c3bff96a0622d577583412aa57d54a1375f4bced917f97d

Download Submit
memory/216-29-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/216-12-0x00007FFEABCC0000-0x00007FFEABCCF000-memory.dmp

Filesize
60KB

Download
memory/216-252-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/216-44-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/216-11-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/216-209-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/216-211-0x00007FFEA8C80000-0x00007FFEA8C8D000-memory.dmp

Filesize
52KB

Download
memory/2772-716-0x0000022513050000-0x00000225130BB000-memory.dmp

Filesize
428KB

Download
memory/3400-706-0x0000026E38E00000-0x0000026E38E6B000-memory.dmp

Filesize
428KB

Download
memory/3648-330-0x000002123B1B0000-0x000002123B1C0000-memory.dmp

Filesize
64KB

Download
memory/3648-511-0x0000021240530000-0x0000021240540000-memory.dmp

Filesize
64KB

Download
memory/3648-443-0x0000021240530000-0x0000021240540000-memory.dmp

Filesize
64KB

Download
memory/3924-617-0x0000016E73D80000-0x0000016E73DEB000-memory.dmp

Filesize
428KB

Download
memory/5156-595-0x0000017788540000-0x00000177885AB000-memory.dmp

Filesize
428KB

Download
memory/5156-380-0x00007FFEB2B30000-0x00007FFEB2B31000-memory.dmp

Filesize
4KB

Download
memory/5156-381-0x00007FFEB26E0000-0x00007FFEB26E1000-memory.dmp

Filesize
4KB

Download
memory/5224-619-0x000001D7C80D0000-0x000001D7C813B000-memory.dmp

Filesize
428KB

Download
memory/5592-616-0x000001B792AC0000-0x000001B792B2B000-memory.dmp

Filesize
428KB

Download
memory/5608-602-0x00000205C2A00000-0x00000205C2A6B000-memory.dmp

Filesize
428KB

Download
memory/5724-603-0x000002A03D9F0000-0x000002A03DA5B000-memory.dmp

Filesize
428KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads