Analysis Overview
Threat Level: Likely malicious
The file http://torproject.org/es/download was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Opens file in notepad (likely ransom note)
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies system certificate store
Checks processor information in registry
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-07 07:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-07 07:31
Reported: 2024-05-07 07:48
Platform: win10v2004-20240426-es
Max time kernel: 1034s
Max time network: 1043s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\hydrogen.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595406910431669" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Users\Admin\Downloads\hydrogen.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\melissa.macro.virus.txt:Zone.Identifier | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\hydrogen.exe:Zone.Identifier | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://torproject.org/es/download
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c11cab58,0x7ff9c11cab68,0x7ff9c11cab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4784 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4924 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3768 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4008 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe
"C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.0.1377355962\311229469" -parentBuildID 20240416150000 -prefsHandle 1904 -prefMapHandle 1816 -prefsLen 19248 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b888ebfc-6397-4a5e-97b5-3f0e6a17701b} 2936 gpu
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.1.596139335\2124557053" -childID 1 -isForBrowser -prefsHandle 2120 -prefMapHandle 2088 -prefsLen 20081 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8fd70661-f721-4491-97c3-1ddd843776fe} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.2.1029409099\1233258236" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 20899 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {53a9bdc9-ee9e-4c99-b537-3603eb3dbbd3} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:e058c576c80813d5607b06b3b611b2b8e97d3f79b35317974863a27d88 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2936 DisableNetwork 1
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.3.1222518065\2141379154" -childID 3 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 20976 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cacd24f9-a7c3-4068-a0bb-f8bfaf8435d4} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.4.1444322292\1381205479" -parentBuildID 20240416150000 -prefsHandle 2844 -prefMapHandle 3240 -prefsLen 22903 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {157b3839-bdc2-4a50-bb82-c712ba932e50} 2936 rdd
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.5.765236286\144484598" -childID 4 -isForBrowser -prefsHandle 4104 -prefMapHandle 3700 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b6fecf71-85ed-4353-ba74-81ce75ddccfd} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.6.1241448731\296002150" -childID 5 -isForBrowser -prefsHandle 4400 -prefMapHandle 4396 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {46950bec-9b59-43bf-9aa0-80f9172efa1c} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.7.1403036848\1021930374" -childID 6 -isForBrowser -prefsHandle 1564 -prefMapHandle 1660 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8958a4bc-5811-4b84-a290-82fc94e63800} 2936 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1016 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:2
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.8.1532968956\587422692" -childID 7 -isForBrowser -prefsHandle 1276 -prefMapHandle 1680 -prefsLen 22811 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {34599a3a-9827-4f3b-817a-3bd277856287} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.9.2137383484\1506182342" -childID 8 -isForBrowser -prefsHandle 4588 -prefMapHandle 4876 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {40277991-7888-4925-bf6c-c1fc7842b033} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.10.2086350818\316358667" -childID 9 -isForBrowser -prefsHandle 4164 -prefMapHandle 4576 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5a6563be-8922-4a7b-8794-aa36b464414a} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.11.1561029222\1377136256" -childID 10 -isForBrowser -prefsHandle 4912 -prefMapHandle 4492 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7139563e-bcbb-4313-bf13-9b3249f82930} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.12.630418829\931148698" -childID 11 -isForBrowser -prefsHandle 1648 -prefMapHandle 4988 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {67b3a876-fb96-4a45-b95d-09f797ec366e} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.13.1360468336\1903454824" -childID 12 -isForBrowser -prefsHandle 8868 -prefMapHandle 8864 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {871437db-c0e4-4331-bd68-9e95cb508214} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.14.1811479486\1583740450" -childID 13 -isForBrowser -prefsHandle 4440 -prefMapHandle 8856 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f3da1a00-d2ec-43ca-baf8-b1f0070609b5} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.15.592631518\57315452" -childID 14 -isForBrowser -prefsHandle 8748 -prefMapHandle 8756 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c70f1e46-6dad-4a27-89ed-afa8d1f4664a} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.16.1233722700\1188540463" -childID 15 -isForBrowser -prefsHandle 4648 -prefMapHandle 3348 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {173d0c8f-94c4-47cc-af70-3af6c3dd3541} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.17.1114422689\655640649" -childID 16 -isForBrowser -prefsHandle 8980 -prefMapHandle 8920 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {35a05762-82b6-494b-820b-a9f775dc5910} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.18.1152462475\1772519076" -childID 17 -isForBrowser -prefsHandle 1336 -prefMapHandle 4316 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5440035a-ac8d-4696-ae9d-f2dd04270951} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.19.302040429\271704071" -childID 18 -isForBrowser -prefsHandle 6992 -prefMapHandle 6968 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c3f47f87-90f5-42b3-b178-4b493f4d2e87} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.20.1238895079\2033955132" -childID 19 -isForBrowser -prefsHandle 4352 -prefMapHandle 6944 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0d52ed89-d11d-4300-8331-560baf791e9e} 2936 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\melissa.macro.virus.txt
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.21.468914469\150049661" -childID 20 -isForBrowser -prefsHandle 4468 -prefMapHandle 4532 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a5fe812c-be8b-41c8-aba0-ad6b450ecc34} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.22.2085398465\151799386" -childID 21 -isForBrowser -prefsHandle 9024 -prefMapHandle 1968 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bef5b245-dc79-45ef-8764-41001abbf48b} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.23.1827198977\1790915392" -childID 22 -isForBrowser -prefsHandle 5244 -prefMapHandle 5164 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {eef40829-6ad2-467c-acdc-19f8805b8f5d} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.24.1159057906\588058381" -childID 23 -isForBrowser -prefsHandle 8812 -prefMapHandle 8844 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2b01fa78-833e-4750-ab9f-7fdea2cb7dfe} 2936 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.25.1297080321\54270261" -childID 24 -isForBrowser -prefsHandle 4448 -prefMapHandle 8752 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a43d9ff8-fa7b-4183-9fba-4eee6175ecb0} 2936 tab
C:\Users\Admin\Downloads\hydrogen.exe
"C:\Users\Admin\Downloads\hydrogen.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x240 0x2e4
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
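The process list above is a raw dump of path lines followed by command-line lines. What a reviewer wants from it is a split between Tor Browser's own processes (the firefox.exe content children carrying -contentproc and -win32kLockedDown, the lyrebird pluggable transport) and everything else that ran in the same session. The script below is an added example, not part of the report and not Tor Project code: it pairs the lines, groups them by where the image lives, and pushes anything launched from a user-writable path to the front of the review queue. The install root is read off the report; the category names and the user-writable path markers are this example's assumptions, and the sample is a constructed excerpt of the entries above.

```python
"""Triage the process list of a Tor Browser sandbox run.

Added example for this report; it is not Triage's code and not Tor Project code.
The report lists every process as a path line followed by its command-line line,
so the parser consumes the text in pairs. The install root below is taken from
the report; the category names and the user-writable path list are assumptions
made for this example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Taken from the report: the portable installer unpacked Tor Browser here.
TB_ROOT = r"C:\Users\Admin\Desktop\Tor Browser" + "\\"
# Assumption for this example: executables launched from these locations get
# priority review (they are where a browser download or a dropper would land).
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")

# Constructed excerpt of the report's process entries (path line, then command line).
SAMPLE = r'''
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.5.765236286\144484598" -childID 4 -isForBrowser -prefsHandle 4104 -prefMapHandle 3700 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b6fecf71-85ed-4353-ba74-81ce75ddccfd} 2936 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\melissa.macro.virus.txt
C:\Users\Admin\Downloads\hydrogen.exe
"C:\Users\Admin\Downloads\hydrogen.exe"
'''


@dataclass
class Proc:
    path: str
    cmdline: str
    category: str
    note: str = ""


def parse_processes(text: str) -> list[tuple[str, str]]:
    """Pair each path line with the command-line line that follows it."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected path/command-line pairs")
    return list(zip(lines[0::2], lines[1::2]))


def args_of(path: str, cmdline: str) -> str:
    """Strip the (possibly quoted) image path, leaving only the arguments."""
    for prefix in (f'"{path}"', path):
        if cmdline.startswith(prefix):
            return cmdline[len(prefix):].strip()
    return cmdline


def classify(path: str, cmdline: str) -> Proc:
    p = path.lower()
    if p.startswith(TB_ROOT.lower()):
        if "-contentproc" in cmdline:
            # Firefox content child: record its id and whether the win32k
            # syscall lockdown flag is present on the command line.
            m = re.search(r"-childID (\d+)", cmdline)
            locked = "-win32kLockedDown" in cmdline
            return Proc(path, cmdline, "tor_browser_content",
                        f"childID={m.group(1) if m else '?'} win32k_lockdown={locked}")
        return Proc(path, cmdline, "tor_browser")
    if p.startswith("c:\\windows\\"):
        # Built-in binaries are only interesting for what they were asked to do.
        return Proc(path, cmdline, "windows_builtin", args_of(path, cmdline))
    if p.startswith("c:\\program files"):
        return Proc(path, cmdline, "installed_program", args_of(path, cmdline))
    if any(marker in p for marker in USER_WRITABLE):
        return Proc(path, cmdline, "user_writable_exe",
                    "executable launched from a user-writable path")
    return Proc(path, cmdline, "unknown")


def triage(text: str) -> dict[str, list[Proc]]:
    groups: dict[str, list[Proc]] = defaultdict(list)
    for path, cmdline in parse_processes(text):
        proc = classify(path, cmdline)
        groups[proc.category].append(proc)
    return dict(groups)


def review_queue(text: str) -> list[str]:
    """Paths a reviewer should look at first: anything run from a user-writable location."""
    return [p.path for p in triage(text).get("user_writable_exe", [])]


if __name__ == "__main__":
    for category, procs in triage(SAMPLE).items():
        print(category)
        for proc in procs:
            print(f"  {proc.path}  {proc.note}")
    print("review first:", review_queue(SAMPLE))
```

Run against the full list this also flags the installer itself, which sits in Downloads; that is the intended behaviour, since the script only decides what to read first, not what is malicious. The two built-in entries, rundll32.exe hosting SHCreateLocalServerRunDll and NOTEPAD.EXE opening melissa.macro.virus.txt, are reduced to their arguments, which is the detail that decides whether such an entry needs follow-up.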
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | torproject.org | udp |
| FI | 95.216.163.36:80 | torproject.org | tcp |
| FI | 95.216.163.36:80 | torproject.org | tcp |
| US | 8.8.8.8:53 | www.torproject.org | udp |
| DE | 116.202.120.165:443 | www.torproject.org | tcp |
| DE | 116.202.120.165:443 | www.torproject.org | tcp |
| DE | 116.202.120.165:443 | www.torproject.org | tcp |
| DE | 116.202.120.165:443 | www.torproject.org | tcp |
| DE | 116.202.120.165:443 | www.torproject.org | tcp |
| DE | 116.202.120.165:443 | www.torproject.org | tcp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.163.216.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.120.202.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.53.16.96.in-addr.arpa | udp |
| DE | 116.202.120.165:443 | www.torproject.org | tcp |
| DE | 116.202.120.165:443 | www.torproject.org | tcp |
| US | 8.8.8.8:53 | dist.torproject.org | udp |
| US | 204.8.99.144:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| DE | 116.202.120.165:443 | dist.torproject.org | tcp |
| US | 8.8.8.8:53 | 144.99.8.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.136.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:56766 | | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| N/A | 127.0.0.1:9151 | | tcp |
| N/A | 127.0.0.1:56917 | | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| N/A | 127.0.0.1:57024 | | tcp |
| DE | 80.241.214.102:443 | | tcp |
| US | 8.8.8.8:53 | 102.214.241.80.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| BG | 94.156.175.86:9001 | | tcp |
| GB | 89.21.65.179:25565 | | tcp |
| US | 8.8.8.8:53 | 179.65.21.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.175.156.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.phpmyadmin.net | udp |
| GB | 89.187.167.3:443 | www.phpmyadmin.net | tcp |
| US | 8.8.8.8:53 | 3.167.187.89.in-addr.arpa | udp |
| N/A | 127.0.0.1:57157 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| US | 8.8.8.8:53 | 58.189.79.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
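The Network table above does not attribute rows to processes, and for rows without a domain the extraction put the protocol in the Domain column (the last row also lost its trailing cell). The script below is an added example, not part of the report and not Tor Project code: it parses both row layouts, then sorts destinations by role using Tor Browser's default ports (127.0.0.1:9150 for SOCKS, 127.0.0.1:9151 for the control port) and the default relay ORPort (tcp/9001). The sample rows are a constructed excerpt of the table; the role names are this example's assumptions.

```python
"""Sort the rows of the report's Network table by role.

Added example for this report; it is not Triage's code and not Tor Project code.
Rows without a domain were extracted with the protocol in the Domain column
(and the last row lost its trailing cell), so the parser accepts both layouts.
Port roles are Tor Browser / Tor relay defaults; the role names are assumptions
made for this example, and the rows are a constructed excerpt of the table.
"""
from collections import Counter
from dataclasses import dataclass

TOR_SOCKS, TOR_CONTROL, TOR_ORPORT = 9150, 9151, 9001  # Tor Browser and relay defaults

# Constructed excerpt of the report's Network table, keeping the damaged layouts.
SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | torproject.org | udp |
| FI | 95.216.163.36:80 | torproject.org | tcp |
| DE | 116.202.120.165:443 | www.torproject.org | tcp |
| US | 8.8.8.8:53 | 36.163.216.95.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:56766 | tcp | |
| DE | 80.241.214.102:443 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| BG | 94.156.175.86:9001 | tcp | |
| GB | 89.21.65.179:25565 | tcp | |
| GB | 89.187.167.3:443 | www.phpmyadmin.net | tcp |
| N/A | 127.0.0.1:9150 | tcp |
"""


@dataclass(frozen=True)
class Row:
    country: str
    host: str
    port: int
    domain: str
    proto: str


def parse_rows(text: str) -> list[Row]:
    rows: list[Row] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if cells[0] == "Country":
            continue  # header row
        cells += [""] * (4 - len(cells))  # restore a lost trailing cell
        country, dest, domain, proto = cells[:4]
        if domain in ("tcp", "udp") and not proto:
            domain, proto = "", domain  # protocol was shifted into the Domain column
        host, port = dest.rsplit(":", 1)
        rows.append(Row(country, host, int(port), domain, proto))
    return rows


def classify(r: Row) -> str:
    if r.host == "127.0.0.1":
        return {TOR_SOCKS: "tor_socks", TOR_CONTROL: "tor_control"}.get(r.port, "loopback_other")
    if r.port == 53:
        return "dns_ptr" if r.domain.endswith(".in-addr.arpa") else "dns"
    if r.host == "224.0.0.251" and r.port == 5353:
        return "mdns"
    if r.port == TOR_ORPORT:
        return "tor_orport_candidate"  # default relay ORPort; tor dials relays by IP
    if r.port == 80:
        return "http_plain"
    if r.port == 443:
        return "https" if r.domain else "tls_no_domain"
    return "external_other"


def summarize(text: str) -> Counter:
    return Counter(classify(r) for r in parse_rows(text))


def unattributed(text: str) -> list[tuple[str, str, int]]:
    """External hosts reached without a DNS answer in the table: check these by hand."""
    return [(r.country, r.host, r.port) for r in parse_rows(text)
            if classify(r) in ("tls_no_domain", "external_other")]


if __name__ == "__main__":
    for role, n in summarize(SAMPLE_ROWS).most_common():
        print(f"{n:4d}  {role}")
    print("check by hand:", unattributed(SAMPLE_ROWS))
```

The long run of 127.0.0.1:9150 rows is the browser handing requests to its own tor client and says nothing about where that traffic went, so it can be counted and set aside. The port-80 torproject.org rows are a plaintext hop worth noting in the write-up. The entries unattributed() returns, external hosts with no domain in the table, are where hand review goes: a tor client connects to relays by IP address from the consensus, so 94.156.175.86:9001 fits that pattern, whereas 89.21.65.179:25565 is not a Tor default port and nothing on this page ties it to the Tor Browser components.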
Files
\??\pipe\crashpad_4328_FXKNEXEDJIDYMCKE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6c05018aebe30cdee55cb343bdf62afa |
| SHA1 | baeee8cd379ee2cc44901d129cf224dbd94831c0 |
| SHA256 | 4df4eca1814bc0b53c0612243aeb01b18eacb42ea301b58c4ce4e86a56ffd0d5 |
| SHA512 | cf83a3af2c5ee195966497ed03e1751dca74947d3398b415243e98472ba708168e2f3c408d256c2b60e048b8548e51b081cfbd444785c35f8b35935db83959a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 86fc4e15311627c3e75eb4a296da33f9 |
| SHA1 | 551c1a31a080156d2bb4f2cdc155d11624961fc6 |
| SHA256 | 08ac945aaee1cb0385ead7c3480213ff1be97a9c01ed0b18efbda3cb45641cf3 |
| SHA512 | ccaa159761374e5cf047c5da7b6ec41f908268f8337b8a42ac2f1a3421b9ff2efbb2413294200a12b173c9bb321e3e48bce8131b2ebd53b8a85ca0803ff72410 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 613b5d3efccaf070dbc0f5737b6628c2 |
| SHA1 | 7e818318b78c3bfcb3800deec447e7cedbff11b7 |
| SHA256 | 6a6687c748e05192752a590a4ad4d0eb411d2c07ff0de1e090e012611fd9cb00 |
| SHA512 | 6694546487fb83586db746bb832f1d9334cc8f58742d6fe5a83a48f28adda7ca5f04dae0b860d83260ed5d7eceb1a3db0efd9b3c692eb359bda53c53aee17bad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 96eec654c30f3a1914afbc65539aa945 |
| SHA1 | 108c6c75b57e7ea13bb1f9acbd2e97bd8efbfaad |
| SHA256 | ee4659d965e01dbef935fcdf767091f8cb0c427ec8b5838ac36df520823aa10a |
| SHA512 | 9c3176b56c04e3f0fb7c8f637dc1816825cd34d88bf2055d34e0fdc79ae61322d1a119e43a33005be5293804ae0065e127e1c50ee3737887ae726fdb41093252 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 40ce7b2020058f033464d12996f0ed61 |
| SHA1 | 67d1515f70bc2d2963d9c80eb7f9d13a64a0f58d |
| SHA256 | 1e8c57b3dd8ec5a7cd52932ed6e5d0d62381f570bfc3207f15c6b624095d71f9 |
| SHA512 | 1ca61b60ebfef2e4b87996b5d6c256fb27b094cbe3ca411c805092f4505f920e667006e3b5405e2ff472bacce51b7ad5e5a375754df4838a5a667e89d95cb195 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ec235ddb329c0e89c1b3505fbb164062 |
| SHA1 | 794a28537ec2b28bb73d5b21965fd88eec22e391 |
| SHA256 | 6c78d5f0c54f4d5dc7b3fdbbcecd4f6c5f7d08fa1f77f584b62adf240060d791 |
| SHA512 | 56aaac35e89b930f40b3953bea1396b7ccaaff8975dce226023cc83b62199e95e3ca9f8f754e17eb6b15e141a72d25392487e9c32868329c846c3267c609a65f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b89174c22333cec40853542f5e5b136a |
| SHA1 | b08c6bcf6fa782f06395b9e041474e339e251f65 |
| SHA256 | a195bf37f6286e1413f62631f95278a65b299e7d531b5468afbda9cd341429f1 |
| SHA512 | ca750dee8491e52ed866964845d0b9258a41561e0f8fe531991311c2bf52778098884a301bbb1d8da5edc525a2464c12c6b0209207ccfeb54774ff5e0d616913 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 1454290aceb3d429c60850c61529651a |
| SHA1 | d860d1abb7f5bcad5afa46f83fba9c523067967a |
| SHA256 | 2119e17bf8c2d473f6c4ed8d4c04c446ce6ec940783a7cc93feae6e5e91a805f |
| SHA512 | 1e2e40959f56e1c37f4bd331128f686b5984278783b446458f9821c26961a2f5b33e5b9e9e79333b01d33015606e1f31df6e567dd08490ad4d42e23bd8ad2f5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581306.TMP
| MD5 | df4302915d1839ee4dfe2cad900ba244 |
| SHA1 | af199cc6ef1b13dcc2943f65b539e84593ccb16a |
| SHA256 | 298a752dec4abcf558bdfc726922f7cdffb98e8f2b01e702f28a1497bf56421f |
| SHA512 | c73deff698fcdd78343e1f11f6baea138f5895e5d3db2e00563aa8fc6e8acbe72e41afb84aa020ae2a639424ff33816c076bd51557fd74012c2a68e254cf9bb1 |
C:\Users\Admin\AppData\Local\Temp\nsw2FA8.tmp\System.dll
| MD5 | 480304643eee06e32bfc0ff7e922c5b2 |
| SHA1 | 383c23b3aba0450416b9fe60e77663ee96bb8359 |
| SHA256 | f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce |
| SHA512 | 125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642 |
C:\Users\Admin\AppData\Local\Temp\nsw2FA8.tmp\LangDLL.dll
| MD5 | 59888d7d17f0100e5cffe2aca0b3dfaf |
| SHA1 | 8563187a53d22f33b90260819624943204924fdc |
| SHA256 | f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3 |
| SHA512 | d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1ddc644b978bc7a516c3483e22e96c31 |
| SHA1 | 570a9be90d0733881c89b040c7c26e3a35a96cb4 |
| SHA256 | 1fbc49571f9fff472f3f45b6dcd88c6c6cd6f8db276a876d14601d3bbadc226a |
| SHA512 | d1192d6991c7ecc0ddeb58ddb426f22a9f523f3d0331169d2f3c044cb2de490c2d033d167c472b2d6b9d385b6108c86e307a145efa6a202f3ee80bcd3761d199 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | facc6057ada164106e17e6fb1b6845e2 |
| SHA1 | 0d17e9c42642d66e7fae92ddaa458a52f6a2473e |
| SHA256 | c31690054924efc7b5aaa4bc4bc120bb9c809ec83b6e66ebc5e961c3dca02bed |
| SHA512 | f22eac78b926cf6c6648c4fc0047744af72aa00eca1844063d6a8776e336f53a9acdca24f78c7c51f76a79acb8f0e8737eb44b15e0db94aee9eb8623c368730e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | adfa45cb400ac91645838461189cba55 |
| SHA1 | 31a2f71bb17baae0a50cf18c42eb19171dba37aa |
| SHA256 | f3ea52cc0ea3418bc611b30c2c9d810414e3bf00e268c7a34bd0c8e92d4b7b19 |
| SHA512 | 47a8ba0846f38456274cc39eb126ffd5d6b3fc48b2bb6ac2d9b7620494343a7042f1d115554553ce0b71240bcac4345083f18b1208f3e068d8c2261f3921e337 |
memory/880-261-0x00007FF9C0E50000-0x00007FF9C0E5F000-memory.dmp
memory/880-260-0x0000000140000000-0x0000000140070000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsw2FA8.tmp\nsDialogs.dll
| MD5 | 990eb444cf524aa6e436295d5fc1d671 |
| SHA1 | ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3 |
| SHA256 | 46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8 |
| SHA512 | d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27 |
memory/880-423-0x0000000140000000-0x0000000140070000-memory.dmp
memory/880-425-0x00007FF9C4C20000-0x00007FF9C4C2D000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk
| MD5 | f93865afc39c217fb695aa8fcf561401 |
| SHA1 | 7ee87ef43e0d3870a70996237a8aa2c417c127b4 |
| SHA256 | 2710660327df4dfd0871b8bebd8804f9b8798e3afc89b9d88c81caeb9a2dd080 |
| SHA512 | ab70887d350e8532bc7004394929edb9598861a67f5d12b43ca60956caf7eae70eed088842107578fd24f81fd0d95a0492d8f2a0bc6f90405002b27b14531c5b |
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
| MD5 | 65aa9b0f57d72e4d70e9226322221adc |
| SHA1 | 85fec174d0977afd8c0100c9d9b53c958e1949bf |
| SHA256 | 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410 |
| SHA512 | f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85 |
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
| MD5 | 3e4d1ec1d2a6e85593459601b5a0a828 |
| SHA1 | 92ee422285282dcb170cbc7808299d14d8d27963 |
| SHA256 | eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5 |
| SHA512 | 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4 |
memory/880-472-0x0000000140000000-0x0000000140070000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
| MD5 | 71747091d34cc634b9ad3c360b45b0a9 |
| SHA1 | 111cf483836f6a392f64bc9398a327be1c43dfc8 |
| SHA256 | 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf |
| SHA512 | b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a |
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list
| MD5 | 70b1d09d91bc834e84a48a259f7c1ee9 |
| SHA1 | 592ddaec59f760c0afe677ad3001f4b1a85bb3c0 |
| SHA256 | 2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce |
| SHA512 | b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini
| MD5 | 5b0cb2afa381416690d2b48a5534fe41 |
| SHA1 | 5c7d290a828ca789ea3cf496e563324133d95e06 |
| SHA256 | 11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c |
| SHA512 | 0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e |
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja
| MD5 | 683d0bdd9fd1ce8abec5d49c75100c9d |
| SHA1 | e6e79d99d5f6c1a7403ad8d65a93369efafc458c |
| SHA256 | b42e76b5837c73bc0fe1f8d6109eed8db4fc41a0c0d7d06884d1a1970df45820 |
| SHA512 | 88350f0c866ec2e45b46ba0dd501b8853679eba6f0bd6cdb35aa28c435f22784b674003fe24fbb85dfa93e40ac634168f306261c1dd8d787371ef5b39fa88ece |
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja
| MD5 | fd87ac3bc042c8394515dac7f25d486a |
| SHA1 | 431e4e515b6a7d4a5d654f1685abc9984f468c89 |
| SHA256 | e84cbf9c54b4b99b9e4c987b5461c94b1fc4b9b68434705270f065a64dc351d6 |
| SHA512 | c19b97b8a0855a167f4703fbc4fe98bbd44fa3bcdbb6907d876249b1fae8c21396e221113cb5747bf0eba6966e549b11d6aead6567109263e1579f225c09b864 |
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js
| MD5 | 3d84d108d421f30fb3c5ef2536d2a3eb |
| SHA1 | 0f3b02737462227a9b9e471f075357c9112f0a68 |
| SHA256 | 7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b |
| SHA512 | 76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5 |
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll
| MD5 | e1468699efbbd224fcb58707d369985e |
| SHA1 | 9a94d87a32cc8a549ce8d7843a3dfa26df350c78 |
| SHA256 | 5592ed7ea60bcbb38d655619f9db96fe64507f2c7d9ac3e6baddc63b5450c9ca |
| SHA512 | 2220000dd37bf7a2891101c2641425e92203805a4f4c9ad82ed70b2af307bd82e0ac1ee8444eebe7063db7482b4a8e065b02a516d87d892549f848312fa6c954 |
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll
| MD5 | 0b2fae3c680dd4292503d1127918e158 |
| SHA1 | 3ae591bf2a426f38ae5ada27ad1124ba89639b4b |
| SHA256 | a67ec38faacb85dafa1780ad01133a742716db58bff6d9b1f3ea47e0346d8b61 |
| SHA512 | dedc6213d4708821c754301881832b7f84566d56bdbcb2617262893debe916d26dbd45e0011e8186cb8448be2142693ad0a3fdeca9408afbc2b993cc8af93a80 |
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll
| MD5 | 784e00a75b5003af81a895f562c5540e |
| SHA1 | 44a0835fc56422a742c42c1d9415d2cef189d15c |
| SHA256 | 4ec32b5d13b04d8cfa1288ce9c8a2f89010c09892289ba9653dea120a9ef7eda |
| SHA512 | 25fdc0e0f8c2e5d4b376bb7a8d5946bc6984f56e6c6514932e1860c9d30594db2a6dbc78a60a3e0aefc40e85e3bef8f2f819cf29dc13bcfbeb53987b0b2228ce |
memory/2936-544-0x00000234F8450000-0x00000234F8460000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf
| MD5 | e782457ebb0389715abdf5a9e20b3234 |
| SHA1 | e0d9ad78d1972d056d015452ed8dee529e8bb24b |
| SHA256 | 0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461 |
| SHA512 | 3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf
| MD5 | 34699ac8824cdb6593b4dbef605dd6b2 |
| SHA1 | 22ff82e35cbb1ac9053f767f404ee351786fe0c2 |
| SHA256 | 328d80e11e7f65f9b6e4bac12de32b7ce42154301c2a14ba92155e32e05939d6 |
| SHA512 | fe714d5d44c6c2f4f96b4349bff301a67749bcb084ade3a0270723f1fa6bd6061193c4d782cb663d63e2c32cc809f33a8114e2e0bc6915de2b04efc82b5de673 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf
| MD5 | bd4c30081a164037311e8712423c5bf2 |
| SHA1 | 2a13bc7987ca34644b075c1fe197ba293b4ca527 |
| SHA256 | bc19f17d7f6e8f280c2cc95ef6d1b67fac25becfe98722f482039a4d84f3c9ba |
| SHA512 | 2a20d113b73cbca311d08dba40dcb7f8ab9d5383f7590b61b785070f77204db9ab163557a420c6c96ede815643f82ffdf75bc59b5802284779ff237616734c66 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf
| MD5 | 7b5138efef2c02dda9cfae9917cd913f |
| SHA1 | b44b58f354c4a68e119df226f01ad763b2d1025c |
| SHA256 | 9f8b4dd091f19b111d24ea18daae81bea8684cc67de17ea1acd797e144bf20ba |
| SHA512 | 47e4cfd2218c91080fc4ccc3ac13dabe9efb7c96b981d53577177fb062973b9fad0052edcf2b0c663ff3b7a1d9e38e96586c93cb72618d64344b96e3df13204c |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf
| MD5 | 9390ee64243e5335b79e33e5e8311341 |
| SHA1 | c8d4b3ab79f6b12311eb4e4da29e709e583b5870 |
| SHA256 | cff9f0e51e7f1d95934cac31d9ad43ba453ee308c7b46a27803dc7e2e6c3adef |
| SHA512 | ad7b23dab247c5c71298c5023bc58bd1d00160145558d86ab75dd37de1f1017540bac544cd9bf1cb2802d19d2973c0cf189d05a980777de886ffb552ae923bc0 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf
| MD5 | 778376d22591a4a98bf83ac555ddf413 |
| SHA1 | 608172ca18450b4cc61ff6cc155f66cff55c5bf9 |
| SHA256 | 8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53 |
| SHA512 | e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf
| MD5 | f0b22427c3ddce97435c84ce50239878 |
| SHA1 | a4a61de819c79dc743df4c5b152382f7e2e7168d |
| SHA256 | 0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084 |
| SHA512 | ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf
| MD5 | 12764d72c2cee67144991a62e8e0d1c5 |
| SHA1 | f61be58fea99ad23ef720fbc189673a6e3fd6a64 |
| SHA256 | 194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d |
| SHA512 | fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf
| MD5 | ac01114123630edca1bd86dc859c65e7 |
| SHA1 | f7e68b5f5e52814121077d40a845a90214b29d41 |
| SHA256 | 1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c |
| SHA512 | 1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf
| MD5 | 27dfbbe8ee4015763e3c51d73474e94a |
| SHA1 | 4328cdc9a3f9c6b7df0624c81afbd3459f213e40 |
| SHA256 | b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e |
| SHA512 | 42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt
| MD5 | 793eae5fb25086c0e169081b6034a053 |
| SHA1 | 3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475 |
| SHA256 | 14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980 |
| SHA512 | 5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 43499a36c04148258383a9635e0c1ada |
| SHA1 | d4ab56847909058c8d6c45e8d92b0c471aa58458 |
| SHA256 | 0e17a583bccb64dae7afbaa04b74cc0498587d56b165dcef652b492d91be41b4 |
| SHA512 | d380afcd4c5e68505f8ad91e52f766b6ce36c5cf8c8ecbdaa014033fb47fdbdf05271750ef2c168a92afd1216ae30f0f8d98b1fdcaae1ead9f45d8ccfd071cc5 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 43d73b154de7709c875e9e215a65ddd1 |
| SHA1 | 8b0fb21a695b7e5a037e6fd78b9fcdfa98cf9aa5 |
| SHA256 | 45f95b57ab100575456a87897592ffa7a5f8a096bbf09cf2fecf646ab0fc139f |
| SHA512 | b449a0777dcc5a19163f32cc7086a5cd9beb8ddf2d57590ed9e4e8d00430f07e908867197e968f143617bd25297b2361814f2438d03e1e40d599602899aa2a20 |
memory/1456-586-0x00007FF9CCE70000-0x00007FF9CCE71000-memory.dmp
memory/1456-585-0x00007FF9CDD50000-0x00007FF9CDD51000-memory.dmp
memory/2936-597-0x00000234F9E90000-0x00000234F9EA0000-memory.dmp
memory/2936-593-0x00000234F8DF0000-0x00000234F8E00000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 94dee3ea97604c28b30da418b908e51c |
| SHA1 | 09df9c99436ef18dfc33dbd49b11ff209682c609 |
| SHA256 | 989d96b3c64771715ede605d4908ee49d92eaca174d03461719b5d6580a20490 |
| SHA512 | 2f6749575a6a84ea919033a9aaf4ae3a2d5471bf731e1fad785b79ed6c9aceebe7aa4a3b0ac24ea01d68e48e7876c75abedd89f06636c447a56da82da32da0c6 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 1d7717c2da19a99d835ffe2621fef5cd |
| SHA1 | 7a13e6ae6cfa4e4b8a69df9c04d56b691105f6d2 |
| SHA256 | a62a446554ed648178c4ad5643ceaac2ccf72f4a3afb05fe38350e6f429fa404 |
| SHA512 | ab24ac1400275bef67c3116dc8d70d66a93203b55c8e6833b8056c6b63307f1e58343bd67f93f0736334fa0a101956e127e7d32f6de7168da67590654d6fd434 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
| MD5 | c58234a092f9d899f0a623e28a4ab9db |
| SHA1 | 7398261b70453661c8b84df12e2bde7cbc07474b |
| SHA256 | eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c |
| SHA512 | ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | 31d378af33fba476c6ac0d5bcdb599a6 |
| SHA1 | e5a46d951a37bb42b67052d27f17acc7751494e7 |
| SHA256 | 4b02d63e98454e5a950a765ceaf4a0ac103f689e8414bfb3bf7a55b3847cbf18 |
| SHA512 | f79193cfe89127b18c293bcb2c9855b3bdc4fc5686d238374fa717811f79fcc782433406e61e06989b651a7de0539caf2dd5885120ef27cacf38c7b95a5253c6 |
memory/1456-741-0x000001C94AE00000-0x000001C94AECD000-memory.dmp
memory/2936-760-0x00000234F46E0000-0x00000234F4850000-memory.dmp
memory/3196-776-0x00000246E7490000-0x00000246E755D000-memory.dmp
memory/3280-777-0x000001B0E9B00000-0x000001B0E9BCD000-memory.dmp
memory/5536-778-0x000001FB78A00000-0x000001FB78ACD000-memory.dmp
memory/5588-779-0x000001E95E700000-0x000001E95E7CD000-memory.dmp
memory/5644-780-0x000001FC9BD30000-0x000001FC9BDFD000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 349cbb7d93f4f3cf3eb9aec224a3be3d |
| SHA1 | ae8d8190c72a37fb2dccc58adf4153143ab4df68 |
| SHA256 | e78e9388baaa72347ab587cf2cfac0e4467b73271ce41d6da265769d04d6e353 |
| SHA512 | 25aaab5859da8b96b7f34309d1505a1ef1249f28040bc36094b85e2aecc500c4fd5bb396982093d47a6dfbacb4be8bb68a973be15e3849821d99ce3763d70d4f |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | e05dfc52eed0c014b2cd7532b7c4eaad |
| SHA1 | bfc4f6499a4b62b140332eb99f2fa77a85878490 |
| SHA256 | 4233160fe79d07364eee29f4343b1855a88cebf2620d69b80dd7e86130ef8f30 |
| SHA512 | c2511fe951528f252943f64256a1bdd8510edb1fb40e18800924bfa43b08989939ccabaa1b85e5ffbc19b789256b9cebaabf68a2f4cc00260e558c74a89f7e47 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp
| MD5 | e4be7f5fb1ae210393495caff96bf90e |
| SHA1 | 95232e0f54605d4624af549dcd6a9450144802ba |
| SHA256 | ada29c50f8d42593b8ce7865d57a9ac2a3f3808fad35e049dc5a8d79669a49e5 |
| SHA512 | 2d12117f2e9783146fe3eb54fc6b36d8c93b02f03a7578c4ec42ab6418d9cf7254fc46793a051cce707064bfff4cdb8e846853694694f3f7990eeb8be0f0b77b |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new
| MD5 | 245a37ed5525db5233e224565d67c0ac |
| SHA1 | a18d2c293c1f4a9cedaf2cd046e0ee8ea35147bb |
| SHA256 | 25175718de753c7623cd14234061dcb69557f658cbf87a4d915f20cfaeb2a808 |
| SHA512 | 012045887bd9f7f37bce9411bc26f035f6a6cb8141c3f9f773c8f4a638cee096c99eabc867b56290ec88b962b2211b08c9beaaf6e07b0376df0be34fcb7a517b |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | 8edfc60bd0a8eb66f2bbc20721085bfa |
| SHA1 | 5e6ba80a6bb5be62f083caae7ebe2e5f1cd1dc91 |
| SHA256 | 4fbefbb453440d454c5aabc897e6431e9c7eafd781156e23083f882d14206a75 |
| SHA512 | ffeb0a4f00ea5ba2dec049ecbc14604b312c67d7124fa79dde1ae8b8f93b8c317fc1f360d37c7241ae0f1c5395381ab5fffa35ccdc7f46d6bb0ade7e3e8b4a35 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
| MD5 | 63b1bb87284efe954e1c3ae390e7ee44 |
| SHA1 | 75b297779e1e2a8009276dd8df4507eb57e4e179 |
| SHA256 | b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a |
| SHA512 | f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895 |
C:\Users\Admin\AppData\Local\Temp\aqHpcR3z.txt.part
| MD5 | 5fe5025944f1b46cfb6e77027470049e |
| SHA1 | c8681703378798db313dc21c1876405530b2063d |
| SHA256 | cb7d0825035612cb98b7c930c8c715fc30ff98435aeb95176c899cfcbe606f67 |
| SHA512 | d12bcc12a06924589fe180a3399e0987ac5b154253266ac5e1353a08897d34e0b03178db20553b5f6bb1e2f02d3e2b522d728d693b93d36533f616ae4d4bf8ab |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
| MD5 | 7d3d11283370585b060d50a12715851a |
| SHA1 | 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3 |
| SHA256 | 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9 |
| SHA512 | a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e |
C:\Users\Admin\Downloads\hydrogen.exe
| MD5 | efdd98ae7ba8aa1a457d6938d554e5bb |
| SHA1 | 5adc3d12792396b569bf024676636262bcd9c7ff |
| SHA256 | 283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0 |
| SHA512 | 6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7a29bbf46635dfb95de464df411709c1 |
| SHA1 | a447ccc7e86d6dd0b25dd3909cad3796792ea323 |
| SHA256 | 00cefb3e695caeba2f78601140f2bff94a14ff7c657e29fde3e866e4d9e86de4 |
| SHA512 | 89af355f77156d895fac42bb2d36cc727f6e3c3b94fce1aaeeee34661a1a018df3b183813c735846d2563b9ec0433e60e74c0b941097fb6f5a5384ffbb4f51d5 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | ea2dc6aa41c6fbeec96d265ce8817f3d |
| SHA1 | 37c77b18381c17829d81822de0adf24d49683cce |
| SHA256 | 78cee790fa16e00677037d2789a5f657ffe741343b6fa71b566976c03f105aff |
| SHA512 | 433e81b92ea98f02999ed62e5c0f430b3f670d775ab4eb6c578320d76cce90facc79c828eafc765d10c67f479afce8bb17a6cdd6f3ea7759c9ba44b94ca32f2a |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\bookmarks-2024-05-07_14_YfC3jKOjxeXsQZyFHmMbng==.jsonlz4
| MD5 | cfd04ab01b4f9e1b1ae8ce069614256c |
| SHA1 | 8278bd08932fd6e18d44efc82b6bf4fdc935f0e6 |
| SHA256 | 5a4a45a175727065a1d92da0be2f6abde3f79b5340137444175b8ddde501e6eb |
| SHA512 | 45990ac9405d2aee51b97e438bc4ec141d3c5145bd139a6153b1761432eb233ca6299bbdee1ee363ace9ea6dc6199408fcae34228993e538e5463ddda6beb767 |