hxxps://www[.]torproject[.]org/download/

Analysis

max time kernel
1049s
max time network
1048s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.torproject.org/download/

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.0.15.exe

Executes dropped EXE 19 IoCs

pid	Process
4688	tor-browser-windows-x86_64-portable-13.0.15.exe
4736	firefox.exe
2752	firefox.exe
4600	firefox.exe
4328	firefox.exe
5060	firefox.exe
4704	tor.exe
620	firefox.exe
1284	firefox.exe
4776	firefox.exe
4724	firefox.exe
3528	firefox.exe
2584	lyrebird.exe
3572	lyrebird.exe
4076	lyrebird.exe
2144	lyrebird.exe
5056	firefox.exe
4396	firefox.exe
2232	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
4688	tor-browser-windows-x86_64-portable-13.0.15.exe
4688	tor-browser-windows-x86_64-portable-13.0.15.exe
4688	tor-browser-windows-x86_64-portable-13.0.15.exe
4736	firefox.exe
2752	firefox.exe
2752	firefox.exe
2752	firefox.exe
2752	firefox.exe
2752	firefox.exe
2752	firefox.exe
2752	firefox.exe
2752	firefox.exe
2752	firefox.exe
2752	firefox.exe
2752	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4600	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
620	firefox.exe
620	firefox.exe
620	firefox.exe
620	firefox.exe
5060	firefox.exe
5060	firefox.exe
4328	firefox.exe
4328	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
4776	firefox.exe
4776	firefox.exe
4776	firefox.exe
4776	firefox.exe
4724	firefox.exe
4724	firefox.exe
4724	firefox.exe
4724	firefox.exe
3528	firefox.exe
3528	firefox.exe
3528	firefox.exe
3528	firefox.exe
3528	firefox.exe
3528	firefox.exe
4724	firefox.exe
4724	firefox.exe
4776	firefox.exe
4776	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610437529081902"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.0.15.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	lyrebird.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	lyrebird.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	lyrebird.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
5072	chrome.exe
5072	chrome.exe
2584	lyrebird.exe
2584	lyrebird.exe
3572	lyrebird.exe
3572	lyrebird.exe
4076	lyrebird.exe
4076	lyrebird.exe
2144	lyrebird.exe
2144	lyrebird.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2752	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2360	1692	chrome.exe	84
PID 1692 wrote to memory of 2360	1692	chrome.exe	84
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 3848	1692	chrome.exe	85
PID 1692 wrote to memory of 876	1692	chrome.exe	86
PID 1692 wrote to memory of 876	1692	chrome.exe	86
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87
PID 1692 wrote to memory of 3992	1692	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.torproject.org/download/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87912ab58,0x7ff87912ab68,0x7ff87912ab78
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:2
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4916 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5056 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5848 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5968 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5884 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5908 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2748 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4344 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1168 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5844 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6108 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=296 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4340 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1908,i,11364826799080628841,7735180237321228573,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.15.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.15.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:4688
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4736
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.0.644281595\933941137" -parentBuildID 20240510150000 -prefsHandle 2636 -prefMapHandle 2648 -prefsLen 19248 -prefMapSize 243824 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1c5149ef-49ad-46c0-ae9e-4671fb236812} 2752 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4600
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.1.1299255672\1164448205" -childID 1 -isForBrowser -prefsHandle 2268 -prefMapHandle 2264 -prefsLen 20081 -prefMapSize 243824 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fbafe34c-0e06-4ce5-bbbc-02f956af4452} 2752 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4328
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:8e39c63e53c86adc60879c7ef3123c1f1988d7a397dd1e282ccc41d566 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2752 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:4704
      - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        TorBrowser\Tor\PluggableTransports\lyrebird.exe
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2144
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.2.1257887351\1581042494" -childID 2 -isForBrowser -prefsHandle 3388 -prefMapHandle 3380 -prefsLen 20899 -prefMapSize 243824 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1f4263bb-129c-4ac8-b6e0-502082fac37f} 2752 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5060
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.3.1728471570\1891302216" -childID 3 -isForBrowser -prefsHandle 2408 -prefMapHandle 3480 -prefsLen 20976 -prefMapSize 243824 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {46f3e41f-b60f-4833-976e-f4f4f9c31d64} 2752 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:620
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.4.838919244\1100529720" -parentBuildID 20240510150000 -prefsHandle 2352 -prefMapHandle 3760 -prefsLen 22903 -prefMapSize 243824 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f3bfa9f7-5ce2-4117-bf46-13f4a14e3cea} 2752 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1284
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.5.1884983464\1230459911" -childID 4 -isForBrowser -prefsHandle 4116 -prefMapHandle 4112 -prefsLen 22199 -prefMapSize 243824 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {96d1ee7a-065d-484f-b189-199ba81385c9} 2752 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4776
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.6.1166812313\312452174" -childID 5 -isForBrowser -prefsHandle 4184 -prefMapHandle 1684 -prefsLen 22248 -prefMapSize 243824 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b75038e7-a04c-4439-8397-6f996f2fa097} 2752 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4724
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.7.1822326590\362899945" -childID 6 -isForBrowser -prefsHandle 4504 -prefMapHandle 4508 -prefsLen 22248 -prefMapSize 243824 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0804c863-33e6-4ebb-bda1-6393bd7619aa} 2752 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3528
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        
        PID:2584
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3572
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4076
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.8.1775403808\736439255" -childID 7 -isForBrowser -prefsHandle 1668 -prefMapHandle 3960 -prefsLen 22959 -prefMapSize 243824 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c648b6fe-f0e5-4aad-aa55-0523e2dc92b2} 2752 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5056
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.9.2068587294\699087013" -childID 8 -isForBrowser -prefsHandle 4672 -prefMapHandle 4352 -prefsLen 23119 -prefMapSize 243824 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {80189a45-dc01-483a-9008-580a7281253e} 2752 tab
        5⤵
        Executes dropped EXE
        
        PID:4396
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.10.107734760\720169169" -childID 9 -isForBrowser -prefsHandle 4964 -prefMapHandle 4676 -prefsLen 23119 -prefMapSize 243824 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4ec85c2d-7a77-4cb3-aa65-d45b7fc0f6cd} 2752 tab
        5⤵
        Executes dropped EXE
        
        PID:2232

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
552B

MD5
07f60d72585536e123bbf5606ba1db84

SHA1
ce81d4625b9b871c8306bc2cefbab0ff48c3282a

SHA256
98d36025c507fc518c3c98a083252c7646680414f82679dcbb1f21cf87d9cd7f

SHA512
44350fc6fa2ef900d9faaf3b22a9140b2f467f8f2a6b0ec06bfbfd0294d303c792efd5736b2fc19b8ab080f68e681ce031bd5b407de89f3b8cd6f0084e90d718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e4b3ede9c7c1943964e22483652f41a2

SHA1
02de3677dedad1e64d9a73d5230cc9cb5d41da47

SHA256
6b14e63fb3986e00edbda019b2d54f2743c92ff5ee4df9987b874acd3ff00d85

SHA512
8216e234a294e4eb80bde4005752c8568c011115a06e2f1f16e4b4df0994baad9351ff07c839eb0a0e8a0a7b81077c4269eacc062d2bf945b42385ef252cab1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
00e4a74f31146a78d1ab0612dac9771c

SHA1
767ae1e402fcb875f2c0d2361572a1290d8c77e3

SHA256
8cd6b699c809b9141e6524aa64a812dd05e9f8d6b499f3e03117ac455defb831

SHA512
dddce41acd057cb49f55222ddb0f99eb2280bb224d9642959d0c9d11280553298340f3387554efc59c3978cd78e3b9e3ac64826ea189f8a361bccd2e00b6356f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
c7d778d242eb1dcba12d09dc6897380d

SHA1
3d9fb910154277b5497e16e631a86299537f0669

SHA256
d15f6210bf982d59b87a861f6f18d6f825f71ae9db53f4f819ad0238bf31deb5

SHA512
847da24c438f5ed42f2ce7a7fb38d422798ea6b18334e1a57bd8f895ee64bd26a48da83808c364cc0209cbf32804b2459e63d944f589ce5ac7aafbeb07821b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2025e862158a606d5a26b3e078167131

SHA1
6ea81a166ca9b40029c494ae0e9ed33da4ebace0

SHA256
6605e16f8c36f0d2eb9dbdfc060d86c423bbd392eb9888bab1f9fb35dee1c78c

SHA512
8559c3a2a3e12f184424c6d9ab40f3b97dffbf6bd8def655c0964046373a34326008b1a37e81a0a674f39abf60df18fb3ac380bd11cd7f8ea4d445e73d12c6b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
13e70e21243e6f6f6a129394f15cd78c

SHA1
dcaf1fdf8d902a5d44a32b7a12b364f1582388ba

SHA256
aef84deae928e4f65c2db485365d29fe0fcae93654e891dd1eae21e8c6b4e9e2

SHA512
895734e6a68194086aa4bd345552793388e0d6e119305234a813073ad47d4edcca4569f2a508f58b42e78b576ba236582244b0898e05caade4712bbaff5020e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5419ef2f40fa9b9c1d33baf93d0089ca

SHA1
bd41fdf4dc2b1ff3bf9fdcafb360d84720522237

SHA256
e8245e6285cb1dfd5a855c2ca5b789423490f7580bf657b2591b823e93a4a8f6

SHA512
a8b529621252ac0c0d5cd8dbb33a8ef5633e12cdeacb74165cc1bad08a919b914034b83780cbb9bc8d0ff62bd0a09fcd35407da865e893c754760902eacfc8b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f3a1b7661634334155d2ccad6426ec32

SHA1
ff3fda95a94c7c9a121c123a43241efbb7deae08

SHA256
dd67abe26939900316442b8195d89e4ffcae4655582b88d65f4aa90224fe0b89

SHA512
45a974fc7fbc9165a0292f29ada259596233c77ad4fbcddecccf76f099f64a8f5509c2d373dfee7ff3850fd4e031b58c551a53fbe2c500ce15fe6bd165adf83b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dccf81d7e9fa3c0e202774ab76ed925a

SHA1
d1f89790e7070535c593da404e21d3654de2b0f6

SHA256
1b9dd3057f31ed5447c6c59b8993db94fb041ce8a9ae8ac564540237516625d0

SHA512
7b72827bcaa24923bdc2523d519602edbd69d2044880bf385408ff279105deb0b71b8ec8e2eb4051f02edb98addfc8e48a210ac7206624f11ba52c963e46ed68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7d15853766066fbbf2d7a7d3641267ad

SHA1
d6c1cb0fc245345aa8e3de5f128c81475af2dd7f

SHA256
202cce8bc7382e43e3bfe57d3dc30f6c85ecef229ae137a26060f2cbda95cd19

SHA512
65ff338cc2a369d6d9d0575f6f7cb19c969f4bdf40e519c9c6db31ce6e400a789550af5b3ba36836f9a9b119822eb30d0bbb5690c273b68635a067109f81596a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4e2fff8e27d2294aa03bd29fe038a000

SHA1
ada080d9f98bd302b175323c9a50a7a565e7ce42

SHA256
b4d2895ddc63dd8c695c18d2d7fb03cf0a313ec9b5b22f229940e606da2061f7

SHA512
ed9d0ef90fc2dc4b379b820d397d5ff9ffc50eacdaa16043f8776437b2173d2ef075089eb5e6c8e62f97a8ecff001bee66a6f3a2bc7ec06bed2c26528a64febf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c26b3b457232fe1a8a434f9dc7fef03b

SHA1
b9e8db37874616405b096bfa418de3653b1a7fe8

SHA256
e7c5f5767caaabe153adaaab4e06d7a1e372272f2e4c2d8fb875cccab785306d

SHA512
7fbed2927b8d1c03b196454a32fb16bd323b09a4aa7ed3571a348fe6707d3f916c3698713c5f3cbb63921adb85d74ab937788cd022b084e188412a6962c70f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b4c1007241e76b8d07dd91d13d55d47e

SHA1
c4c830516133900b96412419e31e7decf573ec97

SHA256
8fea44f0fbf9e2861c4304f855dfdea2f60d7f48929cf274fb27cb6f50731757

SHA512
77f8215f21d5703b2a96e7b30c8797f2cd7069e3fd5f496c61537d3920693bf9ebfab7d11d598cd0a593a67cc59b36830a72281c2e2390c0b6d8a17aefc829f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
eed19f3353533c9745a3505d13d0d43e

SHA1
3436c4e5d3b27fceb3c1111665608d2772f2c2f7

SHA256
b2d67aa923864a2c274cea09a0a69951d0950f1923c76f1f0c162406dbf90f8e

SHA512
07e5c05f8eac52644de6d9c8acfe16264f469697f261c5138f03418928e8fdd8913d642a7cd8eeebb9fd1e6f00f6acf35c9e3950b259b50f1035a95369f61d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0744e23dc9d405a0893b02e34b2168eb

SHA1
ec85b7cf6e5dd49e9befbe451450da5ddfcfba78

SHA256
95ac2125a7fafbaaa8087b2624898292a48b5bdbe58ddb6d0f4edbd7e561252d

SHA512
1111b0e34b496dd88731a724a8e954ef17a9af9b12f4938d623572c5bffc43f0dc7f213dde14959ddff31c738644fbf6cb15c12f45a3b3a83cf11c97d9611141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7eaa19c7fe2199ed37b818fb54c3ab3c

SHA1
0c04bf190ced460b4166c530f27beffbcb3b1ba8

SHA256
620329d4260f4f2b73f812562ed6e2e7202e5415f887b3acf66bc0fd6db9b755

SHA512
a1868696af1ea87ace085fc4dcc6281a386fe2aa6ee6e076a9a6507cae48bd3b6f64948bb7c5ca24a8d4a67516759936d5413bd03ca82ff65158220a823374ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
8a4b645d257fbfc44c5403106d85a664

SHA1
36ff54d50056897ea01e5c0bf081d136a9815190

SHA256
324777c7631acdb95266e97516b06c4551ed25cc111bcdb072b03cc6060cf5d0

SHA512
78985e88bf7a6478d45f9746653020361d23fb656a43552e4c344cbf8bd93c5be4378c247e5deaa6e0ff00e5900a412a86d7cb0ec1dec1190bb90f98748c5a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
93ea7d0b8a7fb3afcbc0c8a381e2b329

SHA1
da7db6cf8c9981f47dff6a830f3583dcc7c70553

SHA256
5e39292052f48785d898f18c44ebeae28202d73b0d712bf5ce7fb958cd0e19f6

SHA512
2745a12591311d20d24c265dba9a1b76e2db197b17b25fca68c16247abe9bd356312e7dc6bdf236a26529c31bd7216802669f4450997a7863dafb1719efc8d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
3ebb647fdd416872213da2550746a4fb

SHA1
0815a74299b3415da2cbe82890e4c52f9f60a6f1

SHA256
2d8b79ac65a337ba32db80da9598b69e373c074f4107f7c6cb39bc988edf3870

SHA512
8ac57c1e66655a7c25d689eb71199d3b56b8ba17567bfe91b2ac43c32d232a2a68972aa75c32b4f00f51ba7c0678c523fcca9bf8cbb4ad46f82ae8172500d561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
c497ce371a4db8591ad4183b8457f1ce

SHA1
2eb8c14570bff362127a48e9439749596fd59a50

SHA256
8e925ef181062decd0d1260cb0c7e577b29563df2f3a7ea2e22ad73c335f8552

SHA512
9424ecaa4bdb6ba048f449d92bfd971e5ce82805dbf9410b29514a7534fcf0d7524fe6114295de3660e3c5f686603e351469f8e9c9567a219ec1c384c671118c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
21e20eb361e513ed562d65e92abf626d

SHA1
08651be654c54711b4f2fa36927b878c1761d203

SHA256
6c86fae1e98cb56768b35c17dbdcfd9933362105037324c7dfe279fbee80bb4f

SHA512
65ad6d7d2035ea24482695e3dbd8b48f0e14bee14d00b4554d643add11bc8679b9b42451b2ef8d823c4c358ac4cc0c8ac9357f5ed7456842d4b0e9c3e008d29d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
0fd262c3772392f2422afb52c1160a0c

SHA1
19fbd9daf4207e404334aa3f23c1ed8e40a13fbf

SHA256
830cba197dbad4bd0c413f81efb26f1d4dfc9ec4097f42f34744793b8879b3a5

SHA512
1493a3742e3140460736a23288d9d01123c4e96cee58628a93a7139bd927685cc617d93ba40eca618d49b54711ece9423b5611f7ff499922b09385785a9ee1f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
1a2bd7f236b650f4f92000f1fd23e297

SHA1
0960b4e4358b502a43114931f752ff303d85fc13

SHA256
f8359e253781b7c26509d258bffc9bac00d357d63014d8b60cbda7d2ace4874a

SHA512
cacd0e91a4e38e033cbb92d97195ac4c272a3593fcafdd5654483de2d0f0f6af9bf559d61b5c2b79e9e50c13ba30461c20b25c59ca5a997a97c63c0bb44547f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
3a084950568124acb85f32c9ee5b56d6

SHA1
63040881083b53d3dd6c56c077eafde3988040f0

SHA256
edacef6a992e34d75768935bf2a0da05abec12f9b53fa60a7fb7ae5e90851baa

SHA512
d07fc1247aa67e50614843480c0fa803f1d0a8f3ff5025dedb75b169fb2ddddbe67928c95833f30a6829a672771b01d2068c3a8ca9d8e895b509c95e0630375c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bd2636c65d42d3963f02aee5b144efa6

SHA1
d06f93f978559cac133fa0e9da103e61f8868448

SHA256
13325392a0cdb6be480881b2160a46098e6dccfca2109d0b047329df061bb04a

SHA512
f4b031520e70f4727c587d0b795af64b3c2a9225dccad205013bf37d3804686d11891a60e4f0fa8eb20aaf6665bb87181487008aafac3108fe2a4613d9a91c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
148900facf58e5ae252214368e0cef2f

SHA1
722ef54d2238a4362b71fd69bced03f064970345

SHA256
a797feb91ce508da3b500c8b9274d015f2f306dd86875f0a8417168049988534

SHA512
7dcb0503d20e07d2745acaf733b0eaa15e67a5645e834080de70a7019f8171ed02ab6c99e2039715686dfc04b8d47fdf242017ff9af86610f0083f9586b7ddf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e8cd8c473f90548ddfa76f5810bdc701

SHA1
3c0ccbd726db1326d412e21b86901ac0099dd078

SHA256
7832e948545b8067f8dd977e71ce13707d232cba0212b5b701745adebc850275

SHA512
0cc6714fe0273440fef516d41b8d38401bf3dd44b6df9400d44b7face157395279b9cc5003604543cb59fcdb96eb177ff49386763265cc164d195779f9512da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25212dd1e6c33eceafd8ca73cf24ad7a

SHA1
662fb7676a9a6d985234284922a2df6c69ea74fb

SHA256
12b430de50ea4d19d7c2b4efc3d7e28d3dfeb40cfa58d63011c3a7f3e7e15f54

SHA512
e0ffe8db5a69bb86418c90a35dff67871fbaeb1476e7a55234cee98f11fe90af45c9f3f0050444678a2ee38b4a8d277ad5a6dd575ab1806453669ee32d1d1fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8f9ee8e95cd561860867bea50c76c5f6

SHA1
89c6f8b16e025d44b84d1e686dd82b276474aa42

SHA256
4b0926b3a46e6e2d8d1f3e0d34d60f03052ce1cc92a188f345942fd1b1400cee

SHA512
04cabe1a8feecf7c78004a097b416c8cbfd0952007ca7859f88df7d018555a4354fddc161c2e1a96787dc59c34209785f1865031320eddb54af49124b2bc5744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
8952701144d3291e6daaeeb2521fc45f

SHA1
ed28f964ebf72e54aa349cd95f4e8b9d811f7d67

SHA256
603be4af4f503fcb7da9f966571ed39288cccf9b8b44ee9286358950c6055e73

SHA512
790e7829b1cbef0e572f5fd9027327ab3bc2014160112962e34d8d5e65847bc23476cbdb0a20ee9da14d8bea5454e849b36a284819df9fa04071c9712ff2d9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
73724aab5e9cb77232b5ff97df3cb2f6

SHA1
5d2b277550584c163057b752c1f94ec58f3eff82

SHA256
912d9c8b28dcd56c1cafc576151e61dc25975f6e0cea0f8748ad2602b4582527

SHA512
88475bbbfe2aa4a6455f8c891e123dda03c050922f599b80ad8439bd29ceb841423f22239e6d8a4b65a4c3c070602566f3e3aa029a0b802b351a68108f9bbec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
416283e8535c9ba9a85dcb7a683e97d4

SHA1
40759142aaa6440277933db60fdb74787104c2d9

SHA256
3eab4094ad5f997e3143458174c2014ec98d59dc0aa48a8e36a058bd31fc9973

SHA512
a4d90284347524ba897aa91180e34096874d33ad97711dd1190cbdc707a86ee77689cc95e09094360ad2788e2cace1a41c7476b53f873a4cafc7b96edd296a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
6707d7ec9c1d89f6cb5f56ffb146718d

SHA1
7aa745c0a7009d9c6a137eb4b7f3b47c56392aa7

SHA256
b6c3c513fc7d06a3183ded99bc12d0636cdbab613e19db3405194dfbccfcd881

SHA512
89220d4da92daddb8fcbb4cde885bbc8ab3bd1e6683d9b307cd6a1869b955f33c088ac38327693e974f132186ab9e682a12f3e0a0704c9a8ef40f3893d888f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe6263d5.TMP

Filesize
94KB

MD5
dd7f87c9450bf1230b015237eced9ab3

SHA1
9ecdd43defb0ba134419fad3c1619d1cd4ddb43c

SHA256
745d1f219abf5bd6dda8ed0129ae773a6382cc683fdfb90994f1679c8caa675e

SHA512
bb30df71b93d5f9459e60156a5f1e0b4063f322cec2d6f6a79c955cb6cfd987522b6934f29a667c38908b4a92197cc549c0ae8a47b413dc58e3ae986ac7397f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3E8C.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3E8C.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3E8C.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
33ec0b234932a632edcb0af8ba3d2f82

SHA1
540d13461c18af04cbaac584d295018baf453068

SHA256
ec3c7beae422d5c6825292765078aa84c1ebe18f6e3265875714a95a4cbb7d44

SHA512
38f58143206a730288a2c7a88d4bdb5df9c14bf6b48981c42ccab9de5afe74f613874e98272575910f564004d4c21cb17932c0bff2cc43e773cf77c4fdfce028

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
c8493f0bccd9644631e2e89c834726a1

SHA1
a11c99bd1e61ac5571a3a87594453beec293d822

SHA256
03cce8aaf5d06f52164c123dec064f42c7ff16c3e2fed079a842f43fdbbc6d00

SHA512
55734bed47dbe4f676af4038fa3c711af99d34ab2be87516b902f9b26051741e23a3881644a35a2975ee66f3270303972f76f40573462fe8da647743d46d220f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
1224f2b6d213defa2ba02abcfe3df9a8

SHA1
3215c60370e2f62828fdabb8db72692438e18513

SHA256
d488317185dab1d95c5de80a2bb3eed4c6bda3400fd815c731833c5b50a7e5e2

SHA512
6579e23977b638761243f498e5265cdca3de235fd7ff6882bc651a18f324c4219937e3560ea7cb36d21b73b5ffa9f8875f5322b6d82d9b80e0f01fe56d16332f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
5ef7f1555e8bfa248a252d780460cde2

SHA1
285de9aaf4f4b53d2ec460950bd528ea97993555

SHA256
87912253aad8fc5e2417d7ee07a31a02eaa08889020f3f21eefc7fbab068b82e

SHA512
be1c4262bb6ac519b0c1bd6c891ab1bd62bc72a939ecf1276c7d62b64d7da1911c8439fb0ae5ee5b9aab9941ea9e7b59a739442bae9c8203969db0596a4c1ea4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
acc23709ddef160c69a2c88f098cb378

SHA1
4d20fe06ad8cfb0740381c475da5af4e92a6761c

SHA256
7cac9910fae17a7e0b8f5075a650eab32a2a0c093be4f1aa0f86c3c9bb98ec78

SHA512
909d7a17f2957d3df7558166387401133ac5e83b2caff6f4e1ca70a87008ee10b23f663e6d108a78a5d171ce9d88dbedf1ead2a55e177e5823ab17fe63ec31b0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
71bc1bad56e456596ddd46efefbd2010

SHA1
ce97ca560110697691b1aa7793af38f76f9c08c3

SHA256
cbca959af4aa59254a47762af621568c2505de03b2fc811992ee6c56017a9d00

SHA512
8ca760e3dfc02c984a32dcbdf40ce35f423591d7f430e530cfe14b13e26444ed994dcb1d06aaba3d1a257ef66c5d7d578e3f28bc2f762eab262d368de70f071d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
a44848870cbd6469802859b51966ccab

SHA1
bf6061ec3b49c95f6c336d5b2043d9a87ce10363

SHA256
0bb5dbf06e25cf31c113b69f26076a300c99efa3711ecb82319205f26c60d1dc

SHA512
d23b98b91f5367b96e3aa7e556d535ba37257bd2dee0360270912b7c7de7d5798520d3f17e95ed49ef41659c8da2d4bb2543c90824ece8e72cc25ec730e1deb0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
88KB

MD5
8532e175e70e5dbd4b58676e2e0f257c

SHA1
1ed08cff831e58b9ba1305c78365dd009a9983b0

SHA256
9d63dde84f4a3f123189d33ce5b1cdb95cc1c2c3a646c5030c90805fc875ad25

SHA512
2dc3cf3fab08c0fa340e58fcc0314078b40b951dbe9bc89bf513faab0f2d0a532b3b97ea77d392b55e9bec945b6b9b95af4b95587ababc50882f2cd7456c7b78

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-descriptors.new

Filesize
14KB

MD5
d92842dcef4e0fcb62992091c3c95d05

SHA1
5e0b70a3014f75058ca822819af03cf32a58188f

SHA256
c7388449a188b47efefdae1abd27596600d2a3cd53970456271220a7f87b67ca

SHA512
74213aaf8840f63baefec5b36ed8ba4c93abdddc1f0447059d6df759b44fa75754810e56b043afabc29a699300dd68a38371a71588e1136d63f14d0220555de4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.4MB

MD5
2b33748c6b23911cbd33e1ad0f8c4378

SHA1
37584a092c667d941160a40d228d3bc8c6e9f6b8

SHA256
b370da6f7886b5e7aa7fd7c1b89b2538265515f59c72dcb8073a8889733679d0

SHA512
799566da67496a149e68ac4252d9ac956948eb6fc185da37d2c50d9caa8ab3f5cbfff42a727fcb0f34dd49ac760a8a267537535bd4c24d4a5b829a8ab3113bd3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
4.1MB

MD5
611eff29b8b08adac87e27c4a43f1e9c

SHA1
f3445ed8a81669d1f045526fb0195d0d40090225

SHA256
502b23287441bd126f246b6252ecf0f5b30662d9709baa30c4bc92c29a4fd2ce

SHA512
6206e31f475b45a0e7e5a58ca9e573cafacb10fb32b94a88399c8e219f168c73fedc3a52fee2906e3b05b62ebf9188bf3a717fde4d5ac31399f3eb8a957ce6d0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
24.9MB

MD5
0b3feaadc595d2b6588a71f17c6dcbbc

SHA1
3209da1b046534efe22c9b3da86e2cf4adf5d3ae

SHA256
4b4d1a732676a3775f133ef969b1b73c25a66603928ec542d81c144290a472c9

SHA512
55e873a9a824b95a594b7ae1dd106e94118adbb973be272d6b683a6530aaf4b9715a82b9404d1c8c4a9e950fc57a129f8205f2ea3f90d2b4b448f49211c6927f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
1415ff2562e8a4c595e99ff713a1ba38

SHA1
0286f612a5572ec221e456ec145149078930c76a

SHA256
18324f12f6e5858900e764340a24cf1f86b78041db68f3da062b9bca8ce6c7a8

SHA512
4dc261ba9bb6476eedf0c050bbfc20f5a46d080dbe35665b0d9230608b0c08115e6d251de741e87d83cf4ab4304d59e3f2328af71196443f3b967d4492d8dc64

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
297B

MD5
793eae5fb25086c0e169081b6034a053

SHA1
3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

SHA256
14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

SHA512
5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
225KB

MD5
27dfbbe8ee4015763e3c51d73474e94a

SHA1
4328cdc9a3f9c6b7df0624c81afbd3459f213e40

SHA256
b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e

SHA512
42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

Filesize
589KB

MD5
e782457ebb0389715abdf5a9e20b3234

SHA1
e0d9ad78d1972d056d015452ed8dee529e8bb24b

SHA256
0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461

SHA512
3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

Filesize
91KB

MD5
ac01114123630edca1bd86dc859c65e7

SHA1
f7e68b5f5e52814121077d40a845a90214b29d41

SHA256
1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

SHA512
1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
690KB

MD5
d95b080522c46eb65e8d5649f63b4dcb

SHA1
66a1d20c6a9d67c39dd27ab0653cb2c875e4a000

SHA256
bd7ba810019884ef8002302d8f3e6bc8476dfddbca6c6caf58bfe35dc1516d00

SHA512
720edeba3de59a0e6def728f6f097540032d426a45d2ed1b045f072d916e2f3b3e9b88e8c825959c1cbe52eb7e621ed1e635f3be5ce1bcaf67ccfba3823b837a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
60060fca03446a8d9927fb3e254d4827

SHA1
7939740fa99d45e9dfc8d974b2eb6b26ed6eaf87

SHA256
677c9992fbd068364a123f23c22fc8b023d8446b0c33fbbd09b88b722339f179

SHA512
aed767f0b4dd0ed8d5f7ef393c37f2512e3a29e0038d768f01b89c52bad85ef29d0a55bd3ab344f853f2a4e6c44d442e193c181d07dfcd38849b2c81c978670d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
5382e3987a1347af3bc4705f8c1d1487

SHA1
b909e402b53db1cd0adddd80eff9c7dde7a0baea

SHA256
7b1f3e637d1a219cf2e8e56a7cb940aeafb442308d8d35aab0fd3d5013346be6

SHA512
a3621b656cd9cde98c6bac04a94f564397d05eb62fc52c0b5879cc6d3e9756b3e2234e895f833e3b26e7a03faf1c85ace654c388aa46766929c5dee22d793745

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
ea8e6a9acebc39f558acd1bd82dbdde1

SHA1
17131f0a927ea1f857570b1b541a524d43b53fb7

SHA256
37b630d828d3d886ea06f841b83ba37b59b4ed4991e28debe5ecd1d765ff04b8

SHA512
a02b2f9850ba19093b9d8c291b0b5253f23c73c7e34fb5649f7effc8cc809d025581af64af28d5b8fd5337ea526146f274ffa25ee3eb7a055d69110752d2a9af

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
21d0d59316ebc2b15938ca84db562300

SHA1
144f12431f9804bf94103d0334b733865547b829

SHA256
aa9d1b7421d8f8925e324258ed832983cd9a81d3f11ae301b7c80b1cfd9a27a1

SHA512
ee5844abf71140e6bdb4826336b83fe144121c655e47daac3d5ab06312188f14ecbbefe8643ec0dfbc7071eb136d35811c0caefde0077e8707a2d15ec3f0db03

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
17.7MB

MD5
19ecacaaea9cd1fa41ece74bf5eef8b4

SHA1
8813c248e348f1578a6286dfb6a07a4666e4af3d

SHA256
3ed1d3a73a91eb9ff0dd990ec4a2ab3e4ea54d7738dc193e3ad51ae6a9b5c1be

SHA512
7cdf9bb8a065792b281f5d9768f98b5326b10609dcd42f85bf06a80dc83bf9390aaac3492a66dbe60e2473b6598aa266e48409bc1b5ac87329f2d7bad510142e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
c68998293eeb01f29158103e8c568dbe

SHA1
87afc20671346abb8c8151f3e7edff4d7c92b5b5

SHA256
d063690acd9d5567b497e7b1aad89e3675990c42fbf0c9e82286157bd7471c3c

SHA512
552bdb07c01d2008f892b2c4d9d612bcdd89394a34473e4433279fcf9cf4d1400ccc22e56db2b532c3391e4c1cc180d2a27e54173f6aba93a5f7324d693946c8

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
829B

MD5
7119cfa13acd8f6218700b4e69c69145

SHA1
fd2c42923c247cface0c5afe257e979d7e324160

SHA256
6827a68fafea66cd585908182ed71d90aefdca6820197689d7290dc4c9d340d2

SHA512
cf31092dc55bfbe82d19d8c517492765c8eb4a26f7e0e1f443486dcaaa2092a8dfd503279db43ad3aafbbc69cff2a25d360c105282ff352b4bad0b58aa8e62a0

Download Submit
memory/2752-1080-0x0000027DF4C10000-0x0000027DF4D80000-memory.dmp

Filesize
1.4MB

Download
memory/2752-1004-0x0000027DFFE10000-0x0000027DFFE20000-memory.dmp

Filesize
64KB

Download
memory/4328-882-0x00007FF887E10000-0x00007FF887E11000-memory.dmp

Filesize
4KB

Download
memory/4328-881-0x00007FF886F80000-0x00007FF886F81000-memory.dmp

Filesize
4KB

Download
memory/4688-773-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/4688-732-0x00007FF87F540000-0x00007FF87F54D000-memory.dmp

Filesize
52KB

Download
memory/4688-730-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/4688-556-0x00007FF87FB20000-0x00007FF87FB2F000-memory.dmp

Filesize
60KB

Download
memory/4688-555-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download