Analysis

  • max time kernel
    1034s
  • max time network
    1043s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-es
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-es locale:es-es os:windows10-2004-x64 system windows
  • submitted
    07/05/2024, 07:31

Errors

Reason
Machine shutdown

General

  • Target

    http://torproject.org/es/download

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 32 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 40 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • NTFS ADS 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://torproject.org/es/download
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c11cab58,0x7ff9c11cab68,0x7ff9c11cab78
      2⤵
        PID:2924
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:2
        2⤵
          PID:892
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
          2⤵
            PID:2424
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
            2⤵
              PID:1848
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:1
              2⤵
                PID:2268
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:1
                2⤵
                  PID:4200
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:1
                  2⤵
                    PID:5032
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
                    2⤵
                      PID:1476
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
                      2⤵
                        PID:2416
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
                        2⤵
                          PID:4492
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4784 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
                          2⤵
                            PID:4624
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4924 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
                            2⤵
                              PID:3336
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
                              2⤵
                                PID:4900
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3768 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
                                2⤵
                                  PID:788
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4008 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
                                  2⤵
                                    PID:3388
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
                                    2⤵
                                      PID:2592
                                    • C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe
                                      "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe"
                                      2⤵
                                      • Checks computer location settings
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Modifies registry class
                                      PID:880
                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
                                        3⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        PID:1676
                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
                                          4⤵
                                          • Checks computer location settings
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • Checks whether UAC is enabled
                                          • Checks processor information in registry
                                          • Modifies registry class
                                          • NTFS ADS
                                          • Suspicious use of FindShellTrayWindow
                                          • Suspicious use of SendNotifyMessage
                                          • Suspicious use of SetWindowsHookEx
                                          PID:2936
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.0.1377355962\311229469" -parentBuildID 20240416150000 -prefsHandle 1904 -prefMapHandle 1816 -prefsLen 19248 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b888ebfc-6397-4a5e-97b5-3f0e6a17701b} 2936 gpu
                                            5⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:2708
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.1.596139335\2124557053" -childID 1 -isForBrowser -prefsHandle 2120 -prefMapHandle 2088 -prefsLen 20081 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8fd70661-f721-4491-97c3-1ddd843776fe} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:1456
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.2.1029409099\1233258236" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 20899 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {53a9bdc9-ee9e-4c99-b537-3603eb3dbbd3} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:3196
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:e058c576c80813d5607b06b3b611b2b8e97d3f79b35317974863a27d88 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2936 DisableNetwork 1
                                            5⤵
                                            • Executes dropped EXE
                                            PID:1728
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.3.1222518065\2141379154" -childID 3 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 20976 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cacd24f9-a7c3-4068-a0bb-f8bfaf8435d4} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:3280
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.4.1444322292\1381205479" -parentBuildID 20240416150000 -prefsHandle 2844 -prefMapHandle 3240 -prefsLen 22903 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {157b3839-bdc2-4a50-bb82-c712ba932e50} 2936 rdd
                                            5⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:4376
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.5.765236286\144484598" -childID 4 -isForBrowser -prefsHandle 4104 -prefMapHandle 3700 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b6fecf71-85ed-4353-ba74-81ce75ddccfd} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:5536
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.6.1241448731\296002150" -childID 5 -isForBrowser -prefsHandle 4400 -prefMapHandle 4396 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {46950bec-9b59-43bf-9aa0-80f9172efa1c} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:5588
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.7.1403036848\1021930374" -childID 6 -isForBrowser -prefsHandle 1564 -prefMapHandle 1660 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8958a4bc-5811-4b84-a290-82fc94e63800} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:5644
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
                                            5⤵
                                            • Executes dropped EXE
                                            • Modifies system certificate store
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:6100
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.8.1532968956\587422692" -childID 7 -isForBrowser -prefsHandle 1276 -prefMapHandle 1680 -prefsLen 22811 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {34599a3a-9827-4f3b-817a-3bd277856287} 2936 tab
                                            5⤵
                                            • Checks computer location settings
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:5472
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.9.2137383484\1506182342" -childID 8 -isForBrowser -prefsHandle 4588 -prefMapHandle 4876 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {40277991-7888-4925-bf6c-c1fc7842b033} 2936 tab
                                            5⤵
                                            • Checks computer location settings
                                            • Executes dropped EXE
                                            PID:4968
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.10.2086350818\316358667" -childID 9 -isForBrowser -prefsHandle 4164 -prefMapHandle 4576 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5a6563be-8922-4a7b-8794-aa36b464414a} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:5448
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.11.1561029222\1377136256" -childID 10 -isForBrowser -prefsHandle 4912 -prefMapHandle 4492 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7139563e-bcbb-4313-bf13-9b3249f82930} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:3500
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.12.630418829\931148698" -childID 11 -isForBrowser -prefsHandle 1648 -prefMapHandle 4988 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {67b3a876-fb96-4a45-b95d-09f797ec366e} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:6004
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.13.1360468336\1903454824" -childID 12 -isForBrowser -prefsHandle 8868 -prefMapHandle 8864 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {871437db-c0e4-4331-bd68-9e95cb508214} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:5912
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.14.1811479486\1583740450" -childID 13 -isForBrowser -prefsHandle 4440 -prefMapHandle 8856 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f3da1a00-d2ec-43ca-baf8-b1f0070609b5} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:452
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.15.592631518\57315452" -childID 14 -isForBrowser -prefsHandle 8748 -prefMapHandle 8756 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c70f1e46-6dad-4a27-89ed-afa8d1f4664a} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:5764
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.16.1233722700\1188540463" -childID 15 -isForBrowser -prefsHandle 4648 -prefMapHandle 3348 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {173d0c8f-94c4-47cc-af70-3af6c3dd3541} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:748
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.17.1114422689\655640649" -childID 16 -isForBrowser -prefsHandle 8980 -prefMapHandle 8920 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {35a05762-82b6-494b-820b-a9f775dc5910} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:6072
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.18.1152462475\1772519076" -childID 17 -isForBrowser -prefsHandle 1336 -prefMapHandle 4316 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5440035a-ac8d-4696-ae9d-f2dd04270951} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:1240
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.19.302040429\271704071" -childID 18 -isForBrowser -prefsHandle 6992 -prefMapHandle 6968 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c3f47f87-90f5-42b3-b178-4b493f4d2e87} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:2800
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.20.1238895079\2033955132" -childID 19 -isForBrowser -prefsHandle 4352 -prefMapHandle 6944 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0d52ed89-d11d-4300-8331-560baf791e9e} 2936 tab
                                            5⤵
                                            • Checks computer location settings
                                            • Executes dropped EXE
                                            PID:5196
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.21.468914469\150049661" -childID 20 -isForBrowser -prefsHandle 4468 -prefMapHandle 4532 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a5fe812c-be8b-41c8-aba0-ad6b450ecc34} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:3736
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.22.2085398465\151799386" -childID 21 -isForBrowser -prefsHandle 9024 -prefMapHandle 1968 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bef5b245-dc79-45ef-8764-41001abbf48b} 2936 tab
                                            5⤵
                                            • Checks computer location settings
                                            • Executes dropped EXE
                                            PID:5612
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.23.1827198977\1790915392" -childID 22 -isForBrowser -prefsHandle 5244 -prefMapHandle 5164 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {eef40829-6ad2-467c-acdc-19f8805b8f5d} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:776
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.24.1159057906\588058381" -childID 23 -isForBrowser -prefsHandle 8812 -prefMapHandle 8844 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2b01fa78-833e-4750-ab9f-7fdea2cb7dfe} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:5832
                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.25.1297080321\54270261" -childID 24 -isForBrowser -prefsHandle 4448 -prefMapHandle 8752 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a43d9ff8-fa7b-4183-9fba-4eee6175ecb0} 2936 tab
                                            5⤵
                                            • Executes dropped EXE
                                            PID:3392
                                          • C:\Users\Admin\Downloads\hydrogen.exe
                                            "C:\Users\Admin\Downloads\hydrogen.exe"
                                            5⤵
                                            • Executes dropped EXE
                                            • Writes to the Master Boot Record (MBR)
                                            • Modifies registry class
                                            • Suspicious use of SendNotifyMessage
                                            PID:692
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1016 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:2
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:684
                                  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                    1⤵
                                      PID:4824
                                    • C:\Windows\System32\rundll32.exe
                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                      1⤵
                                        PID:5404
                                      • C:\Windows\system32\NOTEPAD.EXE
                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\melissa.macro.virus.txt
                                        1⤵
                                        • Opens file in notepad (likely ransom note)
                                        PID:3800
                                      • C:\Windows\system32\AUDIODG.EXE
                                        C:\Windows\system32\AUDIODG.EXE 0x240 0x2e4
                                        1⤵
                                          PID:3248
                                        • C:\Windows\system32\OpenWith.exe
                                          C:\Windows\system32\OpenWith.exe -Embedding
                                          1⤵
                                          • Modifies registry class
                                          • Suspicious use of SetWindowsHookEx
                                          PID:2156

                                        Network

                                              MITRE ATT&CK Enterprise v15


                                              Downloads

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                Filesize

                                                168B

                                                MD5

                                                96eec654c30f3a1914afbc65539aa945

                                                SHA1

                                                108c6c75b57e7ea13bb1f9acbd2e97bd8efbfaad

                                                SHA256

                                                ee4659d965e01dbef935fcdf767091f8cb0c427ec8b5838ac36df520823aa10a

                                                SHA512

                                                9c3176b56c04e3f0fb7c8f637dc1816825cd34d88bf2055d34e0fdc79ae61322d1a119e43a33005be5293804ae0065e127e1c50ee3737887ae726fdb41093252

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                Filesize

                                                216B

                                                MD5

                                                1ddc644b978bc7a516c3483e22e96c31

                                                SHA1

                                                570a9be90d0733881c89b040c7c26e3a35a96cb4

                                                SHA256

                                                1fbc49571f9fff472f3f45b6dcd88c6c6cd6f8db276a876d14601d3bbadc226a

                                                SHA512

                                                d1192d6991c7ecc0ddeb58ddb426f22a9f523f3d0331169d2f3c044cb2de490c2d033d167c472b2d6b9d385b6108c86e307a145efa6a202f3ee80bcd3761d199

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                Filesize

                                                2B

                                                MD5

                                                d751713988987e9331980363e24189ce

                                                SHA1

                                                97d170e1550eee4afc0af065b78cda302a97674c

                                                SHA256

                                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                SHA512

                                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                522B

                                                MD5

                                                613b5d3efccaf070dbc0f5737b6628c2

                                                SHA1

                                                7e818318b78c3bfcb3800deec447e7cedbff11b7

                                                SHA256

                                                6a6687c748e05192752a590a4ad4d0eb411d2c07ff0de1e090e012611fd9cb00

                                                SHA512

                                                6694546487fb83586db746bb832f1d9334cc8f58742d6fe5a83a48f28adda7ca5f04dae0b860d83260ed5d7eceb1a3db0efd9b3c692eb359bda53c53aee17bad

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                688B

                                                MD5

                                                b89174c22333cec40853542f5e5b136a

                                                SHA1

                                                b08c6bcf6fa782f06395b9e041474e339e251f65

                                                SHA256

                                                a195bf37f6286e1413f62631f95278a65b299e7d531b5468afbda9cd341429f1

                                                SHA512

                                                ca750dee8491e52ed866964845d0b9258a41561e0f8fe531991311c2bf52778098884a301bbb1d8da5edc525a2464c12c6b0209207ccfeb54774ff5e0d616913

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                                MD5

                                                7a29bbf46635dfb95de464df411709c1

                                                SHA1

                                                a447ccc7e86d6dd0b25dd3909cad3796792ea323

                                                SHA256

                                                00cefb3e695caeba2f78601140f2bff94a14ff7c657e29fde3e866e4d9e86de4

                                                SHA512

                                                89af355f77156d895fac42bb2d36cc727f6e3c3b94fce1aaeeee34661a1a018df3b183813c735846d2563b9ec0433e60e74c0b941097fb6f5a5384ffbb4f51d5

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                                MD5

                                                40ce7b2020058f033464d12996f0ed61

                                                SHA1

                                                67d1515f70bc2d2963d9c80eb7f9d13a64a0f58d

                                                SHA256

                                                1e8c57b3dd8ec5a7cd52932ed6e5d0d62381f570bfc3207f15c6b624095d71f9

                                                SHA512

                                                1ca61b60ebfef2e4b87996b5d6c256fb27b094cbe3ca411c805092f4505f920e667006e3b5405e2ff472bacce51b7ad5e5a375754df4838a5a667e89d95cb195

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                                MD5

                                                facc6057ada164106e17e6fb1b6845e2

                                                SHA1

                                                0d17e9c42642d66e7fae92ddaa458a52f6a2473e

                                                SHA256

                                                c31690054924efc7b5aaa4bc4bc120bb9c809ec83b6e66ebc5e961c3dca02bed

                                                SHA512

                                                f22eac78b926cf6c6648c4fc0047744af72aa00eca1844063d6a8776e336f53a9acdca24f78c7c51f76a79acb8f0e8737eb44b15e0db94aee9eb8623c368730e

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                                MD5

                                                86fc4e15311627c3e75eb4a296da33f9

                                                SHA1

                                                551c1a31a080156d2bb4f2cdc155d11624961fc6

                                                SHA256

                                                08ac945aaee1cb0385ead7c3480213ff1be97a9c01ed0b18efbda3cb45641cf3

                                                SHA512

                                                ccaa159761374e5cf047c5da7b6ec41f908268f8337b8a42ac2f1a3421b9ff2efbb2413294200a12b173c9bb321e3e48bce8131b2ebd53b8a85ca0803ff72410

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                Filesize

                                                130KB

                                                MD5

                                                ec235ddb329c0e89c1b3505fbb164062

                                                SHA1

                                                794a28537ec2b28bb73d5b21965fd88eec22e391

                                                SHA256

                                                6c78d5f0c54f4d5dc7b3fdbbcecd4f6c5f7d08fa1f77f584b62adf240060d791

                                                SHA512

                                                56aaac35e89b930f40b3953bea1396b7ccaaff8975dce226023cc83b62199e95e3ca9f8f754e17eb6b15e141a72d25392487e9c32868329c846c3267c609a65f

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                Filesize

                                                130KB

                                                MD5

                                                6c05018aebe30cdee55cb343bdf62afa

                                                SHA1

                                                baeee8cd379ee2cc44901d129cf224dbd94831c0

                                                SHA256

                                                4df4eca1814bc0b53c0612243aeb01b18eacb42ea301b58c4ce4e86a56ffd0d5

                                                SHA512

                                                cf83a3af2c5ee195966497ed03e1751dca74947d3398b415243e98472ba708168e2f3c408d256c2b60e048b8548e51b081cfbd444785c35f8b35935db83959a7

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                Filesize

                                                95KB

                                                MD5

                                                1454290aceb3d429c60850c61529651a

                                                SHA1

                                                d860d1abb7f5bcad5afa46f83fba9c523067967a

                                                SHA256

                                                2119e17bf8c2d473f6c4ed8d4c04c446ce6ec940783a7cc93feae6e5e91a805f

                                                SHA512

                                                1e2e40959f56e1c37f4bd331128f686b5984278783b446458f9821c26961a2f5b33e5b9e9e79333b01d33015606e1f31df6e567dd08490ad4d42e23bd8ad2f5e

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                Filesize

                                                103KB

                                                MD5

                                                adfa45cb400ac91645838461189cba55

                                                SHA1

                                                31a2f71bb17baae0a50cf18c42eb19171dba37aa

                                                SHA256

                                                f3ea52cc0ea3418bc611b30c2c9d810414e3bf00e268c7a34bd0c8e92d4b7b19

                                                SHA512

                                                47a8ba0846f38456274cc39eb126ffd5d6b3fc48b2bb6ac2d9b7620494343a7042f1d115554553ce0b71240bcac4345083f18b1208f3e068d8c2261f3921e337

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581306.TMP

                                                Filesize

                                                89KB

                                                MD5

                                                df4302915d1839ee4dfe2cad900ba244

                                                SHA1

                                                af199cc6ef1b13dcc2943f65b539e84593ccb16a

                                                SHA256

                                                298a752dec4abcf558bdfc726922f7cdffb98e8f2b01e702f28a1497bf56421f

                                                SHA512

                                                c73deff698fcdd78343e1f11f6baea138f5895e5d3db2e00563aa8fc6e8acbe72e41afb84aa020ae2a639424ff33816c076bd51557fd74012c2a68e254cf9bb1

                                              • C:\Users\Admin\AppData\Local\Temp\aqHpcR3z.txt.part

                                                Filesize

                                                69KB

                                                MD5

                                                5fe5025944f1b46cfb6e77027470049e

                                                SHA1

                                                c8681703378798db313dc21c1876405530b2063d

                                                SHA256

                                                cb7d0825035612cb98b7c930c8c715fc30ff98435aeb95176c899cfcbe606f67

                                                SHA512

                                                d12bcc12a06924589fe180a3399e0987ac5b154253266ac5e1353a08897d34e0b03178db20553b5f6bb1e2f02d3e2b522d728d693b93d36533f616ae4d4bf8ab

                                              • C:\Users\Admin\AppData\Local\Temp\nsw2FA8.tmp\LangDLL.dll

                                                Filesize

                                                8KB

                                                MD5

                                                59888d7d17f0100e5cffe2aca0b3dfaf

                                                SHA1

                                                8563187a53d22f33b90260819624943204924fdc

                                                SHA256

                                                f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

                                                SHA512

                                                d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

                                              • C:\Users\Admin\AppData\Local\Temp\nsw2FA8.tmp\System.dll

                                                Filesize

                                                25KB

                                                MD5

                                                480304643eee06e32bfc0ff7e922c5b2

                                                SHA1

                                                383c23b3aba0450416b9fe60e77663ee96bb8359

                                                SHA256

                                                f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

                                                SHA512

                                                125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

                                              • C:\Users\Admin\AppData\Local\Temp\nsw2FA8.tmp\nsDialogs.dll

                                                Filesize

                                                14KB

                                                MD5

                                                990eb444cf524aa6e436295d5fc1d671

                                                SHA1

                                                ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

                                                SHA256

                                                46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

                                                SHA512

                                                d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\bookmarks-2024-05-07_14_YfC3jKOjxeXsQZyFHmMbng==.jsonlz4

                                                Filesize

                                                1KB

                                                MD5

                                                cfd04ab01b4f9e1b1ae8ce069614256c

                                                SHA1

                                                8278bd08932fd6e18d44efc82b6bf4fdc935f0e6

                                                SHA256

                                                5a4a45a175727065a1d92da0be2f6abde3f79b5340137444175b8ddde501e6eb

                                                SHA512

                                                45990ac9405d2aee51b97e438bc4ec141d3c5145bd139a6153b1761432eb233ca6299bbdee1ee363ace9ea6dc6199408fcae34228993e538e5463ddda6beb767

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

                                                Filesize

                                                182B

                                                MD5

                                                c58234a092f9d899f0a623e28a4ab9db

                                                SHA1

                                                7398261b70453661c8b84df12e2bde7cbc07474b

                                                SHA256

                                                eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

                                                SHA512

                                                ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

                                                Filesize

                                                182B

                                                MD5

                                                63b1bb87284efe954e1c3ae390e7ee44

                                                SHA1

                                                75b297779e1e2a8009276dd8df4507eb57e4e179

                                                SHA256

                                                b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

                                                SHA512

                                                f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

                                                Filesize

                                                182B

                                                MD5

                                                b1c8aa9861b461806c9e738511edd6ae

                                                SHA1

                                                fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

                                                SHA256

                                                7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

                                                SHA512

                                                841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

                                                Filesize

                                                182B

                                                MD5

                                                7d3d11283370585b060d50a12715851a

                                                SHA1

                                                3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

                                                SHA256

                                                86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

                                                SHA512

                                                a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

                                                Filesize

                                                27KB

                                                MD5

                                                31d378af33fba476c6ac0d5bcdb599a6

                                                SHA1

                                                e5a46d951a37bb42b67052d27f17acc7751494e7

                                                SHA256

                                                4b02d63e98454e5a950a765ceaf4a0ac103f689e8414bfb3bf7a55b3847cbf18

                                                SHA512

                                                f79193cfe89127b18c293bcb2c9855b3bdc4fc5686d238374fa717811f79fcc782433406e61e06989b651a7de0539caf2dd5885120ef27cacf38c7b95a5253c6

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

                                                Filesize

                                                6KB

                                                MD5

                                                ea2dc6aa41c6fbeec96d265ce8817f3d

                                                SHA1

                                                37c77b18381c17829d81822de0adf24d49683cce

                                                SHA256

                                                78cee790fa16e00677037d2789a5f657ffe741343b6fa71b566976c03f105aff

                                                SHA512

                                                433e81b92ea98f02999ed62e5c0f430b3f670d775ab4eb6c578320d76cce90facc79c828eafc765d10c67f479afce8bb17a6cdd6f3ea7759c9ba44b94ca32f2a

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

                                                Filesize

                                                5KB

                                                MD5

                                                8edfc60bd0a8eb66f2bbc20721085bfa

                                                SHA1

                                                5e6ba80a6bb5be62f083caae7ebe2e5f1cd1dc91

                                                SHA256

                                                4fbefbb453440d454c5aabc897e6431e9c7eafd781156e23083f882d14206a75

                                                SHA512

                                                ffeb0a4f00ea5ba2dec049ecbc14604b312c67d7124fa79dde1ae8b8f93b8c317fc1f360d37c7241ae0f1c5395381ab5fffa35ccdc7f46d6bb0ade7e3e8b4a35

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

                                                Filesize

                                                5KB

                                                MD5

                                                e05dfc52eed0c014b2cd7532b7c4eaad

                                                SHA1

                                                bfc4f6499a4b62b140332eb99f2fa77a85878490

                                                SHA256

                                                4233160fe79d07364eee29f4343b1855a88cebf2620d69b80dd7e86130ef8f30

                                                SHA512

                                                c2511fe951528f252943f64256a1bdd8510edb1fb40e18800924bfa43b08989939ccabaa1b85e5ffbc19b789256b9cebaabf68a2f4cc00260e558c74a89f7e47

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

                                                Filesize

                                                1KB

                                                MD5

                                                94dee3ea97604c28b30da418b908e51c

                                                SHA1

                                                09df9c99436ef18dfc33dbd49b11ff209682c609

                                                SHA256

                                                989d96b3c64771715ede605d4908ee49d92eaca174d03461719b5d6580a20490

                                                SHA512

                                                2f6749575a6a84ea919033a9aaf4ae3a2d5471bf731e1fad785b79ed6c9aceebe7aa4a3b0ac24ea01d68e48e7876c75abedd89f06636c447a56da82da32da0c6

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

                                                Filesize

                                                5KB

                                                MD5

                                                349cbb7d93f4f3cf3eb9aec224a3be3d

                                                SHA1

                                                ae8d8190c72a37fb2dccc58adf4153143ab4df68

                                                SHA256

                                                e78e9388baaa72347ab587cf2cfac0e4467b73271ce41d6da265769d04d6e353

                                                SHA512

                                                25aaab5859da8b96b7f34309d1505a1ef1249f28040bc36094b85e2aecc500c4fd5bb396982093d47a6dfbacb4be8bb68a973be15e3849821d99ce3763d70d4f

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

                                                Filesize

                                                733B

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                Filesize

                                                72KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                Filesize

                                                72KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

                                                Filesize

                                                103B

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

                                                Filesize

                                                2.4MB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

                                                Filesize

                                                6.1MB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

                                                Filesize

                                                24.7MB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

                                                Filesize

                                                429B

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

                                                Filesize

                                                42B

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

                                                Filesize

                                                930KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

                                                Filesize

                                                1.7MB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

                                                Filesize

                                                297B

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

                                                Filesize

                                                225KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

                                                Filesize

                                                589KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

                                                Filesize

                                                91KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

                                                Filesize

                                                128KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

                                                Filesize

                                                224KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

                                                Filesize

                                                7KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

                                                Filesize

                                                21KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

                                                Filesize

                                                198KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

                                                Filesize

                                                7KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf

                                                Filesize

                                                5KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

                                                Filesize

                                                690KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

                                                Filesize

                                                43KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

                                                Filesize

                                                1.4MB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

                                                Filesize

                                                2.5MB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

                                                Filesize

                                                472KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

                                                Filesize

                                                17.5MB

                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

                                                Filesize

                                                288KB

                                              • C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

                                                Filesize

                                                829B

                                              • C:\Users\Admin\Downloads\hydrogen.exe

                                                Filesize

                                                128KB
