Malware Analysis Report

2025-08-10 18:08

Sample ID 240507-jccb4aeg9x
Target http://torproject.org/es/download
Tags
bootkit evasion persistence trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://torproject.org/es/download was found to be: Likely malicious.

Malicious Activity Summary

bootkit evasion persistence trojan

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Opens file in notepad (likely ransom note)

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies system certificate store

Checks processor information in registry

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-07 07:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 07:31

Reported

2024-05-07 07:48

Platform

win10v2004-20240426-es

Max time kernel

1034s

Max time network

1043s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://torproject.org/es/download

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe N/A
N/A N/A C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe N/A
N/A N/A C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\hydrogen.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595406910431669" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings C:\Users\Admin\Downloads\hydrogen.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\melissa.macro.virus.txt:Zone.Identifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
File created C:\Users\Admin\Downloads\hydrogen.exe:Zone.Identifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A
N/A N/A C:\Users\Admin\Downloads\hydrogen.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4328 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 2424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 2424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4328 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://torproject.org/es/download

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c11cab58,0x7ff9c11cab68,0x7ff9c11cab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4784 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4924 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3768 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4008 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:8

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe

"C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.14.exe"

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.0.1377355962\311229469" -parentBuildID 20240416150000 -prefsHandle 1904 -prefMapHandle 1816 -prefsLen 19248 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b888ebfc-6397-4a5e-97b5-3f0e6a17701b} 2936 gpu

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.1.596139335\2124557053" -childID 1 -isForBrowser -prefsHandle 2120 -prefMapHandle 2088 -prefsLen 20081 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8fd70661-f721-4491-97c3-1ddd843776fe} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.2.1029409099\1233258236" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 20899 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {53a9bdc9-ee9e-4c99-b537-3603eb3dbbd3} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:e058c576c80813d5607b06b3b611b2b8e97d3f79b35317974863a27d88 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2936 DisableNetwork 1

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.3.1222518065\2141379154" -childID 3 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 20976 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cacd24f9-a7c3-4068-a0bb-f8bfaf8435d4} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.4.1444322292\1381205479" -parentBuildID 20240416150000 -prefsHandle 2844 -prefMapHandle 3240 -prefsLen 22903 -prefMapSize 243660 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {157b3839-bdc2-4a50-bb82-c712ba932e50} 2936 rdd

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.5.765236286\144484598" -childID 4 -isForBrowser -prefsHandle 4104 -prefMapHandle 3700 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b6fecf71-85ed-4353-ba74-81ce75ddccfd} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.6.1241448731\296002150" -childID 5 -isForBrowser -prefsHandle 4400 -prefMapHandle 4396 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {46950bec-9b59-43bf-9aa0-80f9172efa1c} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.7.1403036848\1021930374" -childID 6 -isForBrowser -prefsHandle 1564 -prefMapHandle 1660 -prefsLen 22199 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8958a4bc-5811-4b84-a290-82fc94e63800} 2936 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1016 --field-trial-handle=1884,i,17779405694588369792,4737939396068583641,131072 /prefetch:2

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.8.1532968956\587422692" -childID 7 -isForBrowser -prefsHandle 1276 -prefMapHandle 1680 -prefsLen 22811 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {34599a3a-9827-4f3b-817a-3bd277856287} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.9.2137383484\1506182342" -childID 8 -isForBrowser -prefsHandle 4588 -prefMapHandle 4876 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {40277991-7888-4925-bf6c-c1fc7842b033} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.10.2086350818\316358667" -childID 9 -isForBrowser -prefsHandle 4164 -prefMapHandle 4576 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5a6563be-8922-4a7b-8794-aa36b464414a} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.11.1561029222\1377136256" -childID 10 -isForBrowser -prefsHandle 4912 -prefMapHandle 4492 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7139563e-bcbb-4313-bf13-9b3249f82930} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.12.630418829\931148698" -childID 11 -isForBrowser -prefsHandle 1648 -prefMapHandle 4988 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {67b3a876-fb96-4a45-b95d-09f797ec366e} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.13.1360468336\1903454824" -childID 12 -isForBrowser -prefsHandle 8868 -prefMapHandle 8864 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {871437db-c0e4-4331-bd68-9e95cb508214} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.14.1811479486\1583740450" -childID 13 -isForBrowser -prefsHandle 4440 -prefMapHandle 8856 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f3da1a00-d2ec-43ca-baf8-b1f0070609b5} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.15.592631518\57315452" -childID 14 -isForBrowser -prefsHandle 8748 -prefMapHandle 8756 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c70f1e46-6dad-4a27-89ed-afa8d1f4664a} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.16.1233722700\1188540463" -childID 15 -isForBrowser -prefsHandle 4648 -prefMapHandle 3348 -prefsLen 23176 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {173d0c8f-94c4-47cc-af70-3af6c3dd3541} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.17.1114422689\655640649" -childID 16 -isForBrowser -prefsHandle 8980 -prefMapHandle 8920 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {35a05762-82b6-494b-820b-a9f775dc5910} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.18.1152462475\1772519076" -childID 17 -isForBrowser -prefsHandle 1336 -prefMapHandle 4316 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5440035a-ac8d-4696-ae9d-f2dd04270951} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.19.302040429\271704071" -childID 18 -isForBrowser -prefsHandle 6992 -prefMapHandle 6968 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c3f47f87-90f5-42b3-b178-4b493f4d2e87} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.20.1238895079\2033955132" -childID 19 -isForBrowser -prefsHandle 4352 -prefMapHandle 6944 -prefsLen 23228 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0d52ed89-d11d-4300-8331-560baf791e9e} 2936 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\melissa.macro.virus.txt

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.21.468914469\150049661" -childID 20 -isForBrowser -prefsHandle 4468 -prefMapHandle 4532 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a5fe812c-be8b-41c8-aba0-ad6b450ecc34} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.22.2085398465\151799386" -childID 21 -isForBrowser -prefsHandle 9024 -prefMapHandle 1968 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bef5b245-dc79-45ef-8764-41001abbf48b} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.23.1827198977\1790915392" -childID 22 -isForBrowser -prefsHandle 5244 -prefMapHandle 5164 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {eef40829-6ad2-467c-acdc-19f8805b8f5d} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.24.1159057906\588058381" -childID 23 -isForBrowser -prefsHandle 8812 -prefMapHandle 8844 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2b01fa78-833e-4750-ab9f-7fdea2cb7dfe} 2936 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.25.1297080321\54270261" -childID 24 -isForBrowser -prefsHandle 4448 -prefMapHandle 8752 -prefsLen 23268 -prefMapSize 243660 -jsInitHandle 1204 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a43d9ff8-fa7b-4183-9fba-4eee6175ecb0} 2936 tab

C:\Users\Admin\Downloads\hydrogen.exe

"C:\Users\Admin\Downloads\hydrogen.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x240 0x2e4

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 torproject.org udp
FI 95.216.163.36:80 torproject.org tcp
FI 95.216.163.36:80 torproject.org tcp
US 8.8.8.8:53 www.torproject.org udp
DE 116.202.120.165:443 www.torproject.org tcp
DE 116.202.120.165:443 www.torproject.org tcp
DE 116.202.120.165:443 www.torproject.org tcp
DE 116.202.120.165:443 www.torproject.org tcp
DE 116.202.120.165:443 www.torproject.org tcp
DE 116.202.120.165:443 www.torproject.org tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.163.216.95.in-addr.arpa udp
US 8.8.8.8:53 99.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 165.120.202.116.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 142.53.16.96.in-addr.arpa udp
DE 116.202.120.165:443 www.torproject.org tcp
DE 116.202.120.165:443 www.torproject.org tcp
US 8.8.8.8:53 dist.torproject.org udp
US 204.8.99.144:443 dist.torproject.org tcp
DE 116.202.120.165:443 dist.torproject.org tcp
DE 116.202.120.165:443 dist.torproject.org tcp
US 8.8.8.8:53 144.99.8.204.in-addr.arpa udp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
N/A 127.0.0.1:56766 tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:56917 tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
N/A 127.0.0.1:57024 tcp
DE 80.241.214.102:443 tcp
US 8.8.8.8:53 102.214.241.80.in-addr.arpa udp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
BG 94.156.175.86:9001 tcp
GB 89.21.65.179:25565 tcp
US 8.8.8.8:53 179.65.21.89.in-addr.arpa udp
US 8.8.8.8:53 86.175.156.94.in-addr.arpa udp
US 8.8.8.8:53 www.phpmyadmin.net udp
GB 89.187.167.3:443 www.phpmyadmin.net tcp
US 8.8.8.8:53 3.167.187.89.in-addr.arpa udp
N/A 127.0.0.1:57157 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
US 8.8.8.8:53 58.189.79.40.in-addr.arpa udp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp

Files

\??\pipe\crashpad_4328_FXKNEXEDJIDYMCKE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6c05018aebe30cdee55cb343bdf62afa
SHA1 baeee8cd379ee2cc44901d129cf224dbd94831c0
SHA256 4df4eca1814bc0b53c0612243aeb01b18eacb42ea301b58c4ce4e86a56ffd0d5
SHA512 cf83a3af2c5ee195966497ed03e1751dca74947d3398b415243e98472ba708168e2f3c408d256c2b60e048b8548e51b081cfbd444785c35f8b35935db83959a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 86fc4e15311627c3e75eb4a296da33f9
SHA1 551c1a31a080156d2bb4f2cdc155d11624961fc6
SHA256 08ac945aaee1cb0385ead7c3480213ff1be97a9c01ed0b18efbda3cb45641cf3
SHA512 ccaa159761374e5cf047c5da7b6ec41f908268f8337b8a42ac2f1a3421b9ff2efbb2413294200a12b173c9bb321e3e48bce8131b2ebd53b8a85ca0803ff72410

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 613b5d3efccaf070dbc0f5737b6628c2
SHA1 7e818318b78c3bfcb3800deec447e7cedbff11b7
SHA256 6a6687c748e05192752a590a4ad4d0eb411d2c07ff0de1e090e012611fd9cb00
SHA512 6694546487fb83586db746bb832f1d9334cc8f58742d6fe5a83a48f28adda7ca5f04dae0b860d83260ed5d7eceb1a3db0efd9b3c692eb359bda53c53aee17bad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 96eec654c30f3a1914afbc65539aa945
SHA1 108c6c75b57e7ea13bb1f9acbd2e97bd8efbfaad
SHA256 ee4659d965e01dbef935fcdf767091f8cb0c427ec8b5838ac36df520823aa10a
SHA512 9c3176b56c04e3f0fb7c8f637dc1816825cd34d88bf2055d34e0fdc79ae61322d1a119e43a33005be5293804ae0065e127e1c50ee3737887ae726fdb41093252

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 40ce7b2020058f033464d12996f0ed61
SHA1 67d1515f70bc2d2963d9c80eb7f9d13a64a0f58d
SHA256 1e8c57b3dd8ec5a7cd52932ed6e5d0d62381f570bfc3207f15c6b624095d71f9
SHA512 1ca61b60ebfef2e4b87996b5d6c256fb27b094cbe3ca411c805092f4505f920e667006e3b5405e2ff472bacce51b7ad5e5a375754df4838a5a667e89d95cb195

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ec235ddb329c0e89c1b3505fbb164062
SHA1 794a28537ec2b28bb73d5b21965fd88eec22e391
SHA256 6c78d5f0c54f4d5dc7b3fdbbcecd4f6c5f7d08fa1f77f584b62adf240060d791
SHA512 56aaac35e89b930f40b3953bea1396b7ccaaff8975dce226023cc83b62199e95e3ca9f8f754e17eb6b15e141a72d25392487e9c32868329c846c3267c609a65f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b89174c22333cec40853542f5e5b136a
SHA1 b08c6bcf6fa782f06395b9e041474e339e251f65
SHA256 a195bf37f6286e1413f62631f95278a65b299e7d531b5468afbda9cd341429f1
SHA512 ca750dee8491e52ed866964845d0b9258a41561e0f8fe531991311c2bf52778098884a301bbb1d8da5edc525a2464c12c6b0209207ccfeb54774ff5e0d616913

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 1454290aceb3d429c60850c61529651a
SHA1 d860d1abb7f5bcad5afa46f83fba9c523067967a
SHA256 2119e17bf8c2d473f6c4ed8d4c04c446ce6ec940783a7cc93feae6e5e91a805f
SHA512 1e2e40959f56e1c37f4bd331128f686b5984278783b446458f9821c26961a2f5b33e5b9e9e79333b01d33015606e1f31df6e567dd08490ad4d42e23bd8ad2f5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581306.TMP

MD5 df4302915d1839ee4dfe2cad900ba244
SHA1 af199cc6ef1b13dcc2943f65b539e84593ccb16a
SHA256 298a752dec4abcf558bdfc726922f7cdffb98e8f2b01e702f28a1497bf56421f
SHA512 c73deff698fcdd78343e1f11f6baea138f5895e5d3db2e00563aa8fc6e8acbe72e41afb84aa020ae2a639424ff33816c076bd51557fd74012c2a68e254cf9bb1

C:\Users\Admin\AppData\Local\Temp\nsw2FA8.tmp\System.dll

MD5 480304643eee06e32bfc0ff7e922c5b2
SHA1 383c23b3aba0450416b9fe60e77663ee96bb8359
SHA256 f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce
SHA512 125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

C:\Users\Admin\AppData\Local\Temp\nsw2FA8.tmp\LangDLL.dll

MD5 59888d7d17f0100e5cffe2aca0b3dfaf
SHA1 8563187a53d22f33b90260819624943204924fdc
SHA256 f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3
SHA512 d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1ddc644b978bc7a516c3483e22e96c31
SHA1 570a9be90d0733881c89b040c7c26e3a35a96cb4
SHA256 1fbc49571f9fff472f3f45b6dcd88c6c6cd6f8db276a876d14601d3bbadc226a
SHA512 d1192d6991c7ecc0ddeb58ddb426f22a9f523f3d0331169d2f3c044cb2de490c2d033d167c472b2d6b9d385b6108c86e307a145efa6a202f3ee80bcd3761d199

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 facc6057ada164106e17e6fb1b6845e2
SHA1 0d17e9c42642d66e7fae92ddaa458a52f6a2473e
SHA256 c31690054924efc7b5aaa4bc4bc120bb9c809ec83b6e66ebc5e961c3dca02bed
SHA512 f22eac78b926cf6c6648c4fc0047744af72aa00eca1844063d6a8776e336f53a9acdca24f78c7c51f76a79acb8f0e8737eb44b15e0db94aee9eb8623c368730e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 adfa45cb400ac91645838461189cba55
SHA1 31a2f71bb17baae0a50cf18c42eb19171dba37aa
SHA256 f3ea52cc0ea3418bc611b30c2c9d810414e3bf00e268c7a34bd0c8e92d4b7b19
SHA512 47a8ba0846f38456274cc39eb126ffd5d6b3fc48b2bb6ac2d9b7620494343a7042f1d115554553ce0b71240bcac4345083f18b1208f3e068d8c2261f3921e337

memory/880-261-0x00007FF9C0E50000-0x00007FF9C0E5F000-memory.dmp

memory/880-260-0x0000000140000000-0x0000000140070000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsw2FA8.tmp\nsDialogs.dll

MD5 990eb444cf524aa6e436295d5fc1d671
SHA1 ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3
SHA256 46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8
SHA512 d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

memory/880-423-0x0000000140000000-0x0000000140070000-memory.dmp

memory/880-425-0x00007FF9C4C20000-0x00007FF9C4C2D000-memory.dmp

C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

MD5 f93865afc39c217fb695aa8fcf561401
SHA1 7ee87ef43e0d3870a70996237a8aa2c417c127b4
SHA256 2710660327df4dfd0871b8bebd8804f9b8798e3afc89b9d88c81caeb9a2dd080
SHA512 ab70887d350e8532bc7004394929edb9598861a67f5d12b43ca60956caf7eae70eed088842107578fd24f81fd0d95a0492d8f2a0bc6f90405002b27b14531c5b

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

memory/880-472-0x0000000140000000-0x0000000140070000-memory.dmp

C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

MD5 70b1d09d91bc834e84a48a259f7c1ee9
SHA1 592ddaec59f760c0afe677ad3001f4b1a85bb3c0
SHA256 2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce
SHA512 b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

MD5 5b0cb2afa381416690d2b48a5534fe41
SHA1 5c7d290a828ca789ea3cf496e563324133d95e06
SHA256 11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c
SHA512 0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

MD5 683d0bdd9fd1ce8abec5d49c75100c9d
SHA1 e6e79d99d5f6c1a7403ad8d65a93369efafc458c
SHA256 b42e76b5837c73bc0fe1f8d6109eed8db4fc41a0c0d7d06884d1a1970df45820
SHA512 88350f0c866ec2e45b46ba0dd501b8853679eba6f0bd6cdb35aa28c435f22784b674003fe24fbb85dfa93e40ac634168f306261c1dd8d787371ef5b39fa88ece

C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

MD5 fd87ac3bc042c8394515dac7f25d486a
SHA1 431e4e515b6a7d4a5d654f1685abc9984f468c89
SHA256 e84cbf9c54b4b99b9e4c987b5461c94b1fc4b9b68434705270f065a64dc351d6
SHA512 c19b97b8a0855a167f4703fbc4fe98bbd44fa3bcdbb6907d876249b1fae8c21396e221113cb5747bf0eba6966e549b11d6aead6567109263e1579f225c09b864

C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

MD5 3d84d108d421f30fb3c5ef2536d2a3eb
SHA1 0f3b02737462227a9b9e471f075357c9112f0a68
SHA256 7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b
SHA512 76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

MD5 e1468699efbbd224fcb58707d369985e
SHA1 9a94d87a32cc8a549ce8d7843a3dfa26df350c78
SHA256 5592ed7ea60bcbb38d655619f9db96fe64507f2c7d9ac3e6baddc63b5450c9ca
SHA512 2220000dd37bf7a2891101c2641425e92203805a4f4c9ad82ed70b2af307bd82e0ac1ee8444eebe7063db7482b4a8e065b02a516d87d892549f848312fa6c954

C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

MD5 0b2fae3c680dd4292503d1127918e158
SHA1 3ae591bf2a426f38ae5ada27ad1124ba89639b4b
SHA256 a67ec38faacb85dafa1780ad01133a742716db58bff6d9b1f3ea47e0346d8b61
SHA512 dedc6213d4708821c754301881832b7f84566d56bdbcb2617262893debe916d26dbd45e0011e8186cb8448be2142693ad0a3fdeca9408afbc2b993cc8af93a80

C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

MD5 784e00a75b5003af81a895f562c5540e
SHA1 44a0835fc56422a742c42c1d9415d2cef189d15c
SHA256 4ec32b5d13b04d8cfa1288ce9c8a2f89010c09892289ba9653dea120a9ef7eda
SHA512 25fdc0e0f8c2e5d4b376bb7a8d5946bc6984f56e6c6514932e1860c9d30594db2a6dbc78a60a3e0aefc40e85e3bef8f2f819cf29dc13bcfbeb53987b0b2228ce

memory/2936-544-0x00000234F8450000-0x00000234F8460000-memory.dmp

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

MD5 e782457ebb0389715abdf5a9e20b3234
SHA1 e0d9ad78d1972d056d015452ed8dee529e8bb24b
SHA256 0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461
SHA512 3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf

MD5 34699ac8824cdb6593b4dbef605dd6b2
SHA1 22ff82e35cbb1ac9053f767f404ee351786fe0c2
SHA256 328d80e11e7f65f9b6e4bac12de32b7ce42154301c2a14ba92155e32e05939d6
SHA512 fe714d5d44c6c2f4f96b4349bff301a67749bcb084ade3a0270723f1fa6bd6061193c4d782cb663d63e2c32cc809f33a8114e2e0bc6915de2b04efc82b5de673

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

MD5 bd4c30081a164037311e8712423c5bf2
SHA1 2a13bc7987ca34644b075c1fe197ba293b4ca527
SHA256 bc19f17d7f6e8f280c2cc95ef6d1b67fac25becfe98722f482039a4d84f3c9ba
SHA512 2a20d113b73cbca311d08dba40dcb7f8ab9d5383f7590b61b785070f77204db9ab163557a420c6c96ede815643f82ffdf75bc59b5802284779ff237616734c66

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

MD5 7b5138efef2c02dda9cfae9917cd913f
SHA1 b44b58f354c4a68e119df226f01ad763b2d1025c
SHA256 9f8b4dd091f19b111d24ea18daae81bea8684cc67de17ea1acd797e144bf20ba
SHA512 47e4cfd2218c91080fc4ccc3ac13dabe9efb7c96b981d53577177fb062973b9fad0052edcf2b0c663ff3b7a1d9e38e96586c93cb72618d64344b96e3df13204c

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

MD5 9390ee64243e5335b79e33e5e8311341
SHA1 c8d4b3ab79f6b12311eb4e4da29e709e583b5870
SHA256 cff9f0e51e7f1d95934cac31d9ad43ba453ee308c7b46a27803dc7e2e6c3adef
SHA512 ad7b23dab247c5c71298c5023bc58bd1d00160145558d86ab75dd37de1f1017540bac544cd9bf1cb2802d19d2973c0cf189d05a980777de886ffb552ae923bc0

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

MD5 778376d22591a4a98bf83ac555ddf413
SHA1 608172ca18450b4cc61ff6cc155f66cff55c5bf9
SHA256 8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53
SHA512 e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

MD5 f0b22427c3ddce97435c84ce50239878
SHA1 a4a61de819c79dc743df4c5b152382f7e2e7168d
SHA256 0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084
SHA512 ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

MD5 12764d72c2cee67144991a62e8e0d1c5
SHA1 f61be58fea99ad23ef720fbc189673a6e3fd6a64
SHA256 194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d
SHA512 fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

MD5 ac01114123630edca1bd86dc859c65e7
SHA1 f7e68b5f5e52814121077d40a845a90214b29d41
SHA256 1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c
SHA512 1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

MD5 27dfbbe8ee4015763e3c51d73474e94a
SHA1 4328cdc9a3f9c6b7df0624c81afbd3459f213e40
SHA256 b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e
SHA512 42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

MD5 793eae5fb25086c0e169081b6034a053
SHA1 3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475
SHA256 14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980
SHA512 5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 43499a36c04148258383a9635e0c1ada
SHA1 d4ab56847909058c8d6c45e8d92b0c471aa58458
SHA256 0e17a583bccb64dae7afbaa04b74cc0498587d56b165dcef652b492d91be41b4
SHA512 d380afcd4c5e68505f8ad91e52f766b6ce36c5cf8c8ecbdaa014033fb47fdbdf05271750ef2c168a92afd1216ae30f0f8d98b1fdcaae1ead9f45d8ccfd071cc5

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 43d73b154de7709c875e9e215a65ddd1
SHA1 8b0fb21a695b7e5a037e6fd78b9fcdfa98cf9aa5
SHA256 45f95b57ab100575456a87897592ffa7a5f8a096bbf09cf2fecf646ab0fc139f
SHA512 b449a0777dcc5a19163f32cc7086a5cd9beb8ddf2d57590ed9e4e8d00430f07e908867197e968f143617bd25297b2361814f2438d03e1e40d599602899aa2a20

memory/1456-586-0x00007FF9CCE70000-0x00007FF9CCE71000-memory.dmp

memory/1456-585-0x00007FF9CDD50000-0x00007FF9CDD51000-memory.dmp

memory/2936-597-0x00000234F9E90000-0x00000234F9EA0000-memory.dmp

memory/2936-593-0x00000234F8DF0000-0x00000234F8E00000-memory.dmp

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 94dee3ea97604c28b30da418b908e51c
SHA1 09df9c99436ef18dfc33dbd49b11ff209682c609
SHA256 989d96b3c64771715ede605d4908ee49d92eaca174d03461719b5d6580a20490
SHA512 2f6749575a6a84ea919033a9aaf4ae3a2d5471bf731e1fad785b79ed6c9aceebe7aa4a3b0ac24ea01d68e48e7876c75abedd89f06636c447a56da82da32da0c6

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1d7717c2da19a99d835ffe2621fef5cd
SHA1 7a13e6ae6cfa4e4b8a69df9c04d56b691105f6d2
SHA256 a62a446554ed648178c4ad5643ceaac2ccf72f4a3afb05fe38350e6f429fa404
SHA512 ab24ac1400275bef67c3116dc8d70d66a93203b55c8e6833b8056c6b63307f1e58343bd67f93f0736334fa0a101956e127e7d32f6de7168da67590654d6fd434

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 31d378af33fba476c6ac0d5bcdb599a6
SHA1 e5a46d951a37bb42b67052d27f17acc7751494e7
SHA256 4b02d63e98454e5a950a765ceaf4a0ac103f689e8414bfb3bf7a55b3847cbf18
SHA512 f79193cfe89127b18c293bcb2c9855b3bdc4fc5686d238374fa717811f79fcc782433406e61e06989b651a7de0539caf2dd5885120ef27cacf38c7b95a5253c6

memory/1456-741-0x000001C94AE00000-0x000001C94AECD000-memory.dmp

memory/2936-760-0x00000234F46E0000-0x00000234F4850000-memory.dmp

memory/3196-776-0x00000246E7490000-0x00000246E755D000-memory.dmp

memory/3280-777-0x000001B0E9B00000-0x000001B0E9BCD000-memory.dmp

memory/5536-778-0x000001FB78A00000-0x000001FB78ACD000-memory.dmp

memory/5588-779-0x000001E95E700000-0x000001E95E7CD000-memory.dmp

memory/5644-780-0x000001FC9BD30000-0x000001FC9BDFD000-memory.dmp

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 349cbb7d93f4f3cf3eb9aec224a3be3d
SHA1 ae8d8190c72a37fb2dccc58adf4153143ab4df68
SHA256 e78e9388baaa72347ab587cf2cfac0e4467b73271ce41d6da265769d04d6e353
SHA512 25aaab5859da8b96b7f34309d1505a1ef1249f28040bc36094b85e2aecc500c4fd5bb396982093d47a6dfbacb4be8bb68a973be15e3849821d99ce3763d70d4f

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

MD5 e05dfc52eed0c014b2cd7532b7c4eaad
SHA1 bfc4f6499a4b62b140332eb99f2fa77a85878490
SHA256 4233160fe79d07364eee29f4343b1855a88cebf2620d69b80dd7e86130ef8f30
SHA512 c2511fe951528f252943f64256a1bdd8510edb1fb40e18800924bfa43b08989939ccabaa1b85e5ffbc19b789256b9cebaabf68a2f4cc00260e558c74a89f7e47

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

MD5 e4be7f5fb1ae210393495caff96bf90e
SHA1 95232e0f54605d4624af549dcd6a9450144802ba
SHA256 ada29c50f8d42593b8ce7865d57a9ac2a3f3808fad35e049dc5a8d79669a49e5
SHA512 2d12117f2e9783146fe3eb54fc6b36d8c93b02f03a7578c4ec42ab6418d9cf7254fc46793a051cce707064bfff4cdb8e846853694694f3f7990eeb8be0f0b77b

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

MD5 245a37ed5525db5233e224565d67c0ac
SHA1 a18d2c293c1f4a9cedaf2cd046e0ee8ea35147bb
SHA256 25175718de753c7623cd14234061dcb69557f658cbf87a4d915f20cfaeb2a808
SHA512 012045887bd9f7f37bce9411bc26f035f6a6cb8141c3f9f773c8f4a638cee096c99eabc867b56290ec88b962b2211b08c9beaaf6e07b0376df0be34fcb7a517b

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

MD5 8edfc60bd0a8eb66f2bbc20721085bfa
SHA1 5e6ba80a6bb5be62f083caae7ebe2e5f1cd1dc91
SHA256 4fbefbb453440d454c5aabc897e6431e9c7eafd781156e23083f882d14206a75
SHA512 ffeb0a4f00ea5ba2dec049ecbc14604b312c67d7124fa79dde1ae8b8f93b8c317fc1f360d37c7241ae0f1c5395381ab5fffa35ccdc7f46d6bb0ade7e3e8b4a35

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\aqHpcR3z.txt.part

MD5 5fe5025944f1b46cfb6e77027470049e
SHA1 c8681703378798db313dc21c1876405530b2063d
SHA256 cb7d0825035612cb98b7c930c8c715fc30ff98435aeb95176c899cfcbe606f67
SHA512 d12bcc12a06924589fe180a3399e0987ac5b154253266ac5e1353a08897d34e0b03178db20553b5f6bb1e2f02d3e2b522d728d693b93d36533f616ae4d4bf8ab

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\Downloads\hydrogen.exe

MD5 efdd98ae7ba8aa1a457d6938d554e5bb
SHA1 5adc3d12792396b569bf024676636262bcd9c7ff
SHA256 283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0
SHA512 6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7a29bbf46635dfb95de464df411709c1
SHA1 a447ccc7e86d6dd0b25dd3909cad3796792ea323
SHA256 00cefb3e695caeba2f78601140f2bff94a14ff7c657e29fde3e866e4d9e86de4
SHA512 89af355f77156d895fac42bb2d36cc727f6e3c3b94fce1aaeeee34661a1a018df3b183813c735846d2563b9ec0433e60e74c0b941097fb6f5a5384ffbb4f51d5

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

MD5 ea2dc6aa41c6fbeec96d265ce8817f3d
SHA1 37c77b18381c17829d81822de0adf24d49683cce
SHA256 78cee790fa16e00677037d2789a5f657ffe741343b6fa71b566976c03f105aff
SHA512 433e81b92ea98f02999ed62e5c0f430b3f670d775ab4eb6c578320d76cce90facc79c828eafc765d10c67f479afce8bb17a6cdd6f3ea7759c9ba44b94ca32f2a

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\bookmarks-2024-05-07_14_YfC3jKOjxeXsQZyFHmMbng==.jsonlz4

MD5 cfd04ab01b4f9e1b1ae8ce069614256c
SHA1 8278bd08932fd6e18d44efc82b6bf4fdc935f0e6
SHA256 5a4a45a175727065a1d92da0be2f6abde3f79b5340137444175b8ddde501e6eb
SHA512 45990ac9405d2aee51b97e438bc4ec141d3c5145bd139a6153b1761432eb233ca6299bbdee1ee363ace9ea6dc6199408fcae34228993e538e5463ddda6beb767