Analysis Overview
SHA256
0c68b126ce00d3b9b736c1e62cab93b4f9d90374fda95fed96353551eacc61cd
Threat Level: Shows suspicious behavior
The file tor-browser-windows-x86_64-portable-13.0.15.exe was found to show suspicious behavior.
Malicious Activity Summary
Registers COM server for autorun
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
Enumerates physical storage devices
Command and Scripting Interpreter: JavaScript
Command and Scripting Interpreter: PowerShell
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Modifies registry class
Modifies system certificate store
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-25 22:05
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
138s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\nss3.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
144s
Max time network
160s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\osclientcerts.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
139s
Max time network
150s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Browser\updater.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\updater.exe"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.19:443 | | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
73s
Max time network
87s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\PluggableTransports\webtunnel-client.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\PluggableTransports\webtunnel-client.exe"
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
135s
Max time network
155s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\tor.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49735 | | tcp |
| N/A | 127.0.0.1:49739 | | tcp |
| DE | 79.143.177.192:443 | | tcp |
| FI | 135.181.63.118:9101 | | tcp |
| DE | 62.67.28.2:9001 | | tcp |
| US | 8.8.8.8:53 | 192.177.143.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.63.181.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.28.67.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus
| MD5 | e4bd25ebebbf9f5c56428fa80a78b4cb |
| SHA1 | 9508ba9c2f7a5c7197011d668b17ac3714a67b24 |
| SHA256 | 09d8368424b1adab39c7542a46c7a1edef203c107e6df6f3ade60d7af9521ccd |
| SHA512 | d7971af2d8357cd7ee6fa10176d1d959a60175dd54658dd168ca2f094253e2de95a0959341aebbb25754315bbb4e37e0bd195be7104a06c17403ff4a92c5f02b |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | e9d29500f3254cc4ce1b785343e4eab4 |
| SHA1 | 93d4399e572371971ea0830c79fde44174ea3a6b |
| SHA256 | d2ca8a4fc48d56a89574219aed8bd6586d8a698e3783d5a1d89741f270ed8d45 |
| SHA512 | 31848fa0af23e94f47e4fe2942b280ee08fb628f141fa7f3136544b52b551016d18b07dbe1fa4248bdf7514794f0020f6160667dac1ac26ee883a90cfe668bdb |
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
143s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\d3dcompiler_47.dll,#1
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
145s
Max time network
95s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\tor.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe"
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe" -contentproc --channel="3916.0.1631249123\1487568922" -parentBuildID 20240510150000 -prefsHandle 2312 -prefMapHandle 2160 -prefsLen 19246 -prefMapSize 243824 -appDir "C:\Users\Admin\AppData\Local\Temp\Browser\browser" - {c33ed8c6-3a3b-4d95-9884-e907bd2df4ac} 3916 gpu
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe" -contentproc --channel="3916.1.318879471\1879080826" -childID 1 -isForBrowser -prefsHandle 1668 -prefMapHandle 1852 -prefsLen 20081 -prefMapSize 243824 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\Browser\browser" - {069167b2-69dd-49ee-852b-d46b72711c4b} 3916 tab
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\tor.exe
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\tor.exe --defaults-torrc C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Tor\torrc-defaults -f C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Tor\torrc DataDirectory C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Tor ClientOnionAuthDir C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Tor\onion-auth GeoIPFile C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Tor\geoip GeoIPv6File C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Tor\geoip6 +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:510b100a45000e91609f8498f1f4e5a89eeb848ac0e7d27736aa093c3c +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 3916 DisableNetwork 1
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe" -contentproc --channel="3916.2.2130457654\1312317537" -childID 2 -isForBrowser -prefsHandle 3292 -prefMapHandle 3288 -prefsLen 20897 -prefMapSize 243824 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\Browser\browser" - {cd90360e-fdb6-4993-93d9-eeddc0986df3} 3916 tab
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe" -contentproc --channel="3916.3.53409278\224759922" -childID 3 -isForBrowser -prefsHandle 3648 -prefMapHandle 3652 -prefsLen 20974 -prefMapSize 243824 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\Browser\browser" - {f9d99280-a86b-4160-923f-7e18e970600d} 3916 tab
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe" -contentproc --channel="3916.4.1413823346\437713956" -parentBuildID 20240510150000 -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 24113 -prefMapSize 243824 -appDir "C:\Users\Admin\AppData\Local\Temp\Browser\browser" - {42db61b8-f1af-47d6-815e-f0689a65f0b7} 3916 rdd
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe" -contentproc --channel="3916.5.1595948434\542238547" -childID 4 -isForBrowser -prefsHandle 2932 -prefMapHandle 4164 -prefsLen 22426 -prefMapSize 243824 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\Browser\browser" - {1c59cf77-e38e-4141-be20-4b10b5ab08c9} 3916 tab
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe" -contentproc --channel="3916.6.1887609612\652937032" -childID 5 -isForBrowser -prefsHandle 2872 -prefMapHandle 2860 -prefsLen 22426 -prefMapSize 243824 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\Browser\browser" - {ace222e6-1a75-4b3a-ac00-246f2e023f64} 3916 tab
C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\firefox.exe" -contentproc --channel="3916.7.1264688062\1148788858" -childID 6 -isForBrowser -prefsHandle 4360 -prefMapHandle 4356 -prefsLen 22426 -prefMapSize 243824 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\Browser\browser" - {fda15517-ed0e-4511-b0b9-528b9df0f36e} 3916 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49736 | | tcp |
| N/A | 127.0.0.1:9151 | | tcp |
| N/A | 127.0.0.1:49845 | | tcp |
| N/A | 127.0.0.1:49957 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
Files
memory/2668-74-0x000002581AC80000-0x000002581AC81000-memory.dmp
memory/2668-73-0x00007FFF33610000-0x00007FFF33611000-memory.dmp
memory/3916-80-0x00000205957A0000-0x00000205957B0000-memory.dmp
memory/1376-87-0x0000012658400000-0x0000012658401000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\tor.exe
| MD5 | 47539d0337e97e22a728afc2638d461f |
| SHA1 | d97b37079543b33b9b605c787945f809aed66fd6 |
| SHA256 | 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5 |
| SHA512 | 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a |
memory/4972-99-0x0000021ADD2D0000-0x0000021ADD2D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 213ca6a0a157dbafd2e557512e219851 |
| SHA1 | 6409fac97042a7daabb3c14127dc34d01489d6a5 |
| SHA256 | 7031b84e0b47bf190103de20ea1c4253a731246faf13ae92745debd993ec447c |
| SHA512 | 2619452043690e00a9150fd3c572ac1573a88fa304db8ef3e145686361bf96163aed7007f010ba5312eadc81f3776e111f28d6d940cbd8c908b7d8efdc5abb8f |
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 1c2009b24b385892b3713117f36c86e0 |
| SHA1 | 88b064b81741c54f557b3b011bce1d80c9646478 |
| SHA256 | c41d58df00bb2c3b21f61365c8e19be9ea81ddd0d8a2026b20723afea81d5989 |
| SHA512 | 074246f0a8709cc9b856f5f4e3c3326d9c8e8a6868812e84c93c7d162ea55e8e1f1e3116c9d358fdbe598e22f28967b9cb72bf8aee18adb5214dc01202c51acd |
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
| MD5 | c58234a092f9d899f0a623e28a4ab9db |
| SHA1 | 7398261b70453661c8b84df12e2bde7cbc07474b |
| SHA256 | eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c |
| SHA512 | ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd |
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | 14d88504273f8836e75a665133af2e11 |
| SHA1 | 62c38047463db5a0bfb20ab4e0a8bb139b44e48d |
| SHA256 | 8b81f64ae5b7bc31e3d73f09dcc5bdb6b51b81bf3fc2543439b181eb2a574392 |
| SHA512 | 8ff9218dec18a954817dbeadb7ec0462c6d46e96dcd0bc90856dd49c478e01579c814c7848272b46e0c80a23a4582d4a6513155e7dc2636f8c61c86af59e4777 |
memory/2668-217-0x000002581AC50000-0x000002581AC79000-memory.dmp
memory/3916-230-0x00000205922B0000-0x00000205922C0000-memory.dmp
memory/3788-238-0x00000120009D0000-0x00000120009D1000-memory.dmp
memory/2672-234-0x000001CD72900000-0x000001CD72901000-memory.dmp
memory/1184-248-0x000001720F730000-0x000001720F731000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 96c5cbf45b3c744965d6d615e698816a |
| SHA1 | 17df0b8510897e1f966396fe8a764de307c706e5 |
| SHA256 | 18fbca53caa33794ca9432ac6d5fa2d8a702dcedd2de411074e3755eec55822c |
| SHA512 | d8b794160e175d8ee581dd60734c187bc0c1c1cdb4ec7a413bd007ea867ad8d124d4c99ec0592619c9637bbad1a116ba4086edae9846242ba3bb23c5145415bc |
memory/1376-279-0x00000126582B0000-0x00000126582D9000-memory.dmp
memory/4972-280-0x0000021ADD2A0000-0x0000021ADD2C9000-memory.dmp
memory/1184-286-0x000001720F6F0000-0x000001720F719000-memory.dmp
memory/3788-285-0x00000120008A0000-0x00000120008C9000-memory.dmp
memory/2672-284-0x000001CD728D0000-0x000001CD728F9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | 65f5981cb41f4306bb9d68c4d51e322a |
| SHA1 | b4cfb0972ce4919c3701b00d5bab276d48caf13f |
| SHA256 | ae1f710b853c63b385e507b4c0b45aeb85c8fd298a1852dce62cecb468ff04bd |
| SHA512 | a1c9cce23e202a2b3891b8693be261373dea5732d2ec84a901724ed9ebd0285f55c0b82cfae239f9776cb05149e8e09707860cad2f3cd11016d94b3243089ba1 |
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | 34cf753d2547cc7b4829c95546314d8a |
| SHA1 | 1719a1d8b3f4e7f267133131f3f2c314bcbc951c |
| SHA256 | 6f4b10dc169edef472f6305202f815653fdd56aece9aa1afcd039a69e5626316 |
| SHA512 | 115eaec90ecb19acd1d62af10228b71162cb445a51500b9eb3967bdb5e506d636f436ff6d6376b526076c0d10df15a81b4e82235ebce3cd0322d1f94cc8e4300 |
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240419-en
Max time kernel
85s
Max time network
99s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240419-en
Max time kernel
83s
Max time network
95s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\mozavcodec.dll,#1
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
148s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\mozglue.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
141s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\qipcap64.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe | N/A |
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\tor-browser-windows-x86_64-portable-13.0.15.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\tor-browser-windows-x86_64-portable-13.0.15.exe
"C:\Users\Admin\AppData\Local\Temp\tor-browser-windows-x86_64-portable-13.0.15.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.0.1845724734\703338260" -parentBuildID 20240510150000 -prefsHandle 2168 -prefMapHandle 2308 -prefsLen 19246 -prefMapSize 243824 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b16140ad-8b54-4738-8ed1-c3df169bc2fd} 1984 gpu
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.1.6722862\2067606643" -childID 1 -isForBrowser -prefsHandle 2704 -prefMapHandle 2700 -prefsLen 20081 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b73dcee4-9fec-470b-b41a-b390833fe109} 1984 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:d3ed735be933c8e5603a8275cbcdc8fcec4ab0cca0748d5f3ea005a806 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 1984 DisableNetwork 1
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.2.674102573\406474875" -childID 2 -isForBrowser -prefsHandle 3016 -prefMapHandle 2968 -prefsLen 20897 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {94ba6667-761d-4b64-8445-abb55613c171} 1984 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.3.473632408\149085947" -childID 3 -isForBrowser -prefsHandle 3448 -prefMapHandle 3444 -prefsLen 20974 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f9e2a1c0-e3f4-4cbe-ba39-65772937a4b8} 1984 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.4.613685316\738640636" -parentBuildID 20240510150000 -prefsHandle 3632 -prefMapHandle 3636 -prefsLen 21218 -prefMapSize 243824 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e118ef9a-f779-41d2-8806-7628d9532a07} 1984 rdd
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.5.864690257\1322940958" -childID 4 -isForBrowser -prefsHandle 4016 -prefMapHandle 4012 -prefsLen 22199 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bfcc2507-6c60-4f93-bfd7-782efac731fb} 1984 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.6.1791513738\833241944" -childID 5 -isForBrowser -prefsHandle 4176 -prefMapHandle 4180 -prefsLen 22199 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {41799489-7ffe-4f01-8d55-31afc1674435} 1984 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.7.1256591388\767252521" -childID 6 -isForBrowser -prefsHandle 4392 -prefMapHandle 4396 -prefsLen 22199 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {79732b32-4c9e-458e-8d9c-4ecaa2946236} 1984 tab
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49999 | | tcp |
| N/A | 127.0.0.1:9151 | | tcp |
| N/A | 127.0.0.1:50148 | | tcp |
| N/A | 127.0.0.1:50285 | | tcp |
| AT | 89.58.61.42:9001 | | tcp |
| US | 8.8.8.8:53 | 42.61.58.89.in-addr.arpa | udp |
| NL | 45.83.5.242:9001 | | tcp |
| US | 8.8.8.8:53 | 242.5.83.45.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| CH | 185.143.102.59:443 | | tcp |
| DE | 136.243.3.194:8000 | | tcp |
| GB | 89.187.167.9:443 | www.phpmyadmin.net | tcp |
| N/A | 127.0.0.1:50363 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsu52F4.tmp\System.dll
| MD5 | 480304643eee06e32bfc0ff7e922c5b2 |
| SHA1 | 383c23b3aba0450416b9fe60e77663ee96bb8359 |
| SHA256 | f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce |
| SHA512 | 125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642 |
C:\Users\Admin\AppData\Local\Temp\nsu52F4.tmp\LangDLL.dll
| MD5 | 59888d7d17f0100e5cffe2aca0b3dfaf |
| SHA1 | 8563187a53d22f33b90260819624943204924fdc |
| SHA256 | f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3 |
| SHA512 | d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23 |
memory/3860-9-0x0000000140000000-0x0000000140070000-memory.dmp
memory/3860-10-0x00007FFC60B50000-0x00007FFC60B5F000-memory.dmp
memory/3860-68-0x0000000140000000-0x0000000140070000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsu52F4.tmp\nsDialogs.dll
| MD5 | 990eb444cf524aa6e436295d5fc1d671 |
| SHA1 | ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3 |
| SHA256 | 46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8 |
| SHA512 | d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27 |
memory/3860-206-0x0000000140000000-0x0000000140070000-memory.dmp
memory/3860-208-0x00007FFC60B40000-0x00007FFC60B4D000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk
| MD5 | 211407098863d831d8c104ac4d295a82 |
| SHA1 | 49765223391661711a2ee550dfd554feca23d8dc |
| SHA256 | 86600d3424e3e11f84bfd06e8ca7d84081595d69d53bb6c28aefd103d68cc507 |
| SHA512 | dddaab9900312a7d8d63262d9ca961a88384a98b5ed0dee780ddeb2ff35bbc2fb81dd880e29b03c9d981e0e06760c9ebe528c2e7b1ce873571aa1099001b7a41 |
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
| MD5 | 1415ff2562e8a4c595e99ff713a1ba38 |
| SHA1 | 0286f612a5572ec221e456ec145149078930c76a |
| SHA256 | 18324f12f6e5858900e764340a24cf1f86b78041db68f3da062b9bca8ce6c7a8 |
| SHA512 | 4dc261ba9bb6476eedf0c050bbfc20f5a46d080dbe35665b0d9230608b0c08115e6d251de741e87d83cf4ab4304d59e3f2328af71196443f3b967d4492d8dc64 |
memory/3860-249-0x0000000140000000-0x0000000140070000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
| MD5 | 5382e3987a1347af3bc4705f8c1d1487 |
| SHA1 | b909e402b53db1cd0adddd80eff9c7dde7a0baea |
| SHA256 | 7b1f3e637d1a219cf2e8e56a7cb940aeafb442308d8d35aab0fd3d5013346be6 |
| SHA512 | a3621b656cd9cde98c6bac04a94f564397d05eb62fc52c0b5879cc6d3e9756b3e2234e895f833e3b26e7a03faf1c85ace654c388aa46766929c5dee22d793745 |
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
| MD5 | 60060fca03446a8d9927fb3e254d4827 |
| SHA1 | 7939740fa99d45e9dfc8d974b2eb6b26ed6eaf87 |
| SHA256 | 677c9992fbd068364a123f23c22fc8b023d8446b0c33fbbd09b88b722339f179 |
| SHA512 | aed767f0b4dd0ed8d5f7ef393c37f2512e3a29e0038d768f01b89c52bad85ef29d0a55bd3ab344f853f2a4e6c44d442e193c181d07dfcd38849b2c81c978670d |
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
| MD5 | ea8e6a9acebc39f558acd1bd82dbdde1 |
| SHA1 | 17131f0a927ea1f857570b1b541a524d43b53fb7 |
| SHA256 | 37b630d828d3d886ea06f841b83ba37b59b4ed4991e28debe5ecd1d765ff04b8 |
| SHA512 | a02b2f9850ba19093b9d8c291b0b5253f23c73c7e34fb5649f7effc8cc809d025581af64af28d5b8fd5337ea526146f274ffa25ee3eb7a055d69110752d2a9af |
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list
| MD5 | 70b1d09d91bc834e84a48a259f7c1ee9 |
| SHA1 | 592ddaec59f760c0afe677ad3001f4b1a85bb3c0 |
| SHA256 | 2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce |
| SHA512 | b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4 |
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js
| MD5 | 3d84d108d421f30fb3c5ef2536d2a3eb |
| SHA1 | 0f3b02737462227a9b9e471f075357c9112f0a68 |
| SHA256 | 7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b |
| SHA512 | 76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5 |
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja
| MD5 | 0b3feaadc595d2b6588a71f17c6dcbbc |
| SHA1 | 3209da1b046534efe22c9b3da86e2cf4adf5d3ae |
| SHA256 | 4b4d1a732676a3775f133ef969b1b73c25a66603928ec542d81c144290a472c9 |
| SHA512 | 55e873a9a824b95a594b7ae1dd106e94118adbb973be272d6b683a6530aaf4b9715a82b9404d1c8c4a9e950fc57a129f8205f2ea3f90d2b4b448f49211c6927f |
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja
| MD5 | 19ecacaaea9cd1fa41ece74bf5eef8b4 |
| SHA1 | 8813c248e348f1578a6286dfb6a07a4666e4af3d |
| SHA256 | 3ed1d3a73a91eb9ff0dd990ec4a2ab3e4ea54d7738dc193e3ad51ae6a9b5c1be |
| SHA512 | 7cdf9bb8a065792b281f5d9768f98b5326b10609dcd42f85bf06a80dc83bf9390aaac3492a66dbe60e2473b6598aa266e48409bc1b5ac87329f2d7bad510142e |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini
| MD5 | 5b0cb2afa381416690d2b48a5534fe41 |
| SHA1 | 5c7d290a828ca789ea3cf496e563324133d95e06 |
| SHA256 | 11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c |
| SHA512 | 0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e |
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll
| MD5 | d95b080522c46eb65e8d5649f63b4dcb |
| SHA1 | 66a1d20c6a9d67c39dd27ab0653cb2c875e4a000 |
| SHA256 | bd7ba810019884ef8002302d8f3e6bc8476dfddbca6c6caf58bfe35dc1516d00 |
| SHA512 | 720edeba3de59a0e6def728f6f097540032d426a45d2ed1b045f072d916e2f3b3e9b88e8c825959c1cbe52eb7e621ed1e635f3be5ce1bcaf67ccfba3823b837a |
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll
| MD5 | 21d0d59316ebc2b15938ca84db562300 |
| SHA1 | 144f12431f9804bf94103d0334b733865547b829 |
| SHA256 | aa9d1b7421d8f8925e324258ed832983cd9a81d3f11ae301b7c80b1cfd9a27a1 |
| SHA512 | ee5844abf71140e6bdb4826336b83fe144121c655e47daac3d5ab06312188f14ecbbefe8643ec0dfbc7071eb136d35811c0caefde0077e8707a2d15ec3f0db03 |
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll
| MD5 | c68998293eeb01f29158103e8c568dbe |
| SHA1 | 87afc20671346abb8c8151f3e7edff4d7c92b5b5 |
| SHA256 | d063690acd9d5567b497e7b1aad89e3675990c42fbf0c9e82286157bd7471c3c |
| SHA512 | 552bdb07c01d2008f892b2c4d9d612bcdd89394a34473e4433279fcf9cf4d1400ccc22e56db2b532c3391e4c1cc180d2a27e54173f6aba93a5f7324d693946c8 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansDeseret-Regular.ttf
| MD5 | c0d20faa4acd8b886197e897a6ddc7d4 |
| SHA1 | 64355303ac0b639f0135bb51325b8aee780b11e4 |
| SHA256 | 9f384e8a75a059b8efcbead73ef5aa3b504ac3e9d218be5368a20b19bfccdeec |
| SHA512 | c7062651d7fdaae6168f65887f1a6d07b95b721efbe3d756f5a1fad58641f2b5fd1a3d732ae4225ee3228454ed1982c7258be70abb41ab9d8ed867915337192f |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansHanunoo-Regular.ttf
| MD5 | 250641d775a2a75290157b7172edc427 |
| SHA1 | 9f36a194d750b7f44971227b6e27d1e973e321a0 |
| SHA256 | ef23d153e9d666becc0d79fa88f0ae21f46138f1285b8eac304661ab35717aed |
| SHA512 | 5ead3be49d35b00b4c5f21745da2d010f497e95a12f41bfcc9aa9c3030fdcf909712d76c6500f76222aa0b4abd396f9802d40324fcef63dd811eeb01fffb5641 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansHanifiRohingya-Regular.ttf
| MD5 | e94c7a07b9b1ca1bb14ca57878cca94a |
| SHA1 | 5ea22b87920e0f5f5f72d5e1ed59c2b5c823b94e |
| SHA256 | ce453eaf8807a9a410cdc2ebeb7ae009e90b9e611342ac239aa59b794bdcefdb |
| SHA512 | e36ca8e8776010a95565fa8eb95f39aca73011e832d2c12a67455fc5e398dff305977c3bcea55fa9fac9028f6824111f0a9d401117e048c58b1403daa453814f |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGurmukhi-Regular.ttf
| MD5 | c7c77c60cb0c224fdb2f031f68c57c83 |
| SHA1 | a712f0d05be0cb5f4ff078df580bbfc8ae9d852f |
| SHA256 | 658d0207da305a1411c539a8b0bbeda64d4146e54fb4827facddb890b6b90d74 |
| SHA512 | bf2aedc9aeffbdb1e9b2d8e0664dbd001bbbd164ae3ebdb3b8d71b4878460026853edffd67fa8c5970fc296863b5f4cb74430f591d6540d3a641b49d32f4d46d |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGunjalaGondi-Regular.ttf
| MD5 | 0f130a6dc9daa7af30009644d0205215 |
| SHA1 | c01f161467bb12e9d67c9799662fa64bf28c5b69 |
| SHA256 | bdc8ed1739118d7c1be43cb5b435817fb7a5ae0acb32c89b2ddd66e7e9c2d1b3 |
| SHA512 | cde4e0cc97cfd3d3c12e9ef837cbbc85c54c5ec72ba354a3cbe8f4ad6a1bc03690066a53bec3c15ae3ef493f419a6b110fd0770cca9ea4b007289ac176d73931 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGujarati-Regular.ttf
| MD5 | 3853291b52d0b987d15b3595bd792584 |
| SHA1 | e7fbec665568bc358510f56c7f610c0b7cc1e9a5 |
| SHA256 | c92e0697dc2d2cae1db5a447bd0bb8a690dfdbacbe618841b21cbfc2f483242e |
| SHA512 | 0a44cc5cfde9b74da17f81c432f487bc1276c0ad29b01a9d61e535f690b785dec0cba7f2ed828a1b8381050714ebd6309721bdd7b80e6a1ad9b0e9e0af966581 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGrantha-Regular.ttf
| MD5 | a3d0e9dded672781968f021d6f869ae5 |
| SHA1 | 98af88c343c9b761b0a0b03859fcb1ace7851a40 |
| SHA256 | 98a079a902bcd5f298cdcf59eeb21bbc8565b4f361e75faba300aac376b842cf |
| SHA512 | e60d5ceb0b82dcb1f58969487a3075bed673881219c082ee78e6102c4cf17122e8537c8b6e58d2f9b8097b5a1902711b743e9e4cbc455dcf3dbb4bac796d8b28 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGeorgian-Regular.ttf
| MD5 | 61f5441fdfe5be8a1b933ef1ef674ec4 |
| SHA1 | 07a3c3cbd0f7d2cfef5e74e1c28d5b2ccbca35eb |
| SHA256 | a14c27d89ef15d7855dcf03c6524cd2d98ce7d4374dcd7643b7d07d7ba0f13a5 |
| SHA512 | 2dc8136cb7f4bb57ae2c7bab7b775c317f6f46e76eeeca93bbb0d9edcde3f35e9420601bf3d6e1043511d02d7447e2b64214a89f02f5b32e30ee347236bfcd78 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansEthiopic-Regular.ttf
| MD5 | de7cf6c6fa2fbc854dcf6d2e2716f1d1 |
| SHA1 | f07c1412adb1cc2d742546a25eb66ba63ee3c840 |
| SHA256 | f6f7fc379db9438959a2b0527e7a2cf36ea9c84626d56ec444fff37fc24c3c10 |
| SHA512 | ee98dc59d2fe843fbcad6eb2009ef865016478ef655dd2f873b4bc45c4e67908aac4b776c5846514d3f80aa4843d1426b797f2c385e7d3ce814d7d96386049b2 |
memory/4224-371-0x00007FFC694A0000-0x00007FFC694A1000-memory.dmp
memory/4224-370-0x00007FFC68F80000-0x00007FFC68F81000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansElbasan-Regular.ttf
| MD5 | 1c7297bc694bdb5baba7c1d39f333c63 |
| SHA1 | 4de6449e4f8d315c91109a741ced09b86c3302c9 |
| SHA256 | 6d52707e91a77e23f389f42b5da65d7047205e7833041fe0b2cd7ff280e14749 |
| SHA512 | 91ba1203c4057c930ef08470395c91b03c2618f5decb9bbedd9b37f858a29c63e537c658bcae73fc32fa7e9e11911bba6d0fc540b16e180936c8082ef00f15ca |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansDevanagari-Regular.ttf
| MD5 | 2358cc51bd1271c89f2c173e684876fa |
| SHA1 | 7c30d7317d34ce0503bfd3b24900bd0fa4c6a69b |
| SHA256 | dc0eb899c5852c819bfb30482e6f2ee1e44a4c8cd28f6622a2d4561bf1e3e444 |
| SHA512 | 873696739807520826aa7c6b825701dc36786d020902eedb6ec7438d9aee71efcf1c6dbedf7bd4dea7604de73e1506f66961f7b5f5c80b7a9e71c73bb3aab264 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCoptic-Regular.ttf
| MD5 | bc7e07463581535f8cf124dbfda9bb5f |
| SHA1 | 4d59c125be1263685c909b8f1b202194a0087e70 |
| SHA256 | e3d5915c74797a084d8525cc5fb8da08d0c1256b7ea75f6687fee3f28d2c58df |
| SHA512 | ccf8477dfc771c00a5a0e3b3cc0bbce06291679f077f24858b1547de4ac21fd21805c1a1ef6ae8a0215b8b956562a349ee32a956ca5750ff8923c6c19335474a |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCherokee-Regular.ttf
| MD5 | fd393a7c5b16eba60e38b72b5fa3a2dd |
| SHA1 | d074eb1baea8caf869ba6aba69b9cc9b2fc4568f |
| SHA256 | c052352137ae8d283840a0e2991a675d47859d8fdbae5726d373d4f0d97a8c87 |
| SHA512 | 30d5c5f5069580186ded817621ad2c6eca338216680c288b249972d420f009fe94f77ef44b106355223a80ade7f9d851a6e6fe6417d2bbbb35b9f0182a1c9180 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCham-Regular.ttf
| MD5 | bf95af30d1db0fdb374cf646dc81b461 |
| SHA1 | 6bf52ccaba21c23a9b461af8cfb7574bad6bee3e |
| SHA256 | 74cbbe944f25c64f0fd2f158716a648b970e3df714f8ca2644d56f65f5eeee4e |
| SHA512 | 52c5fc608d9e771cffc6de8ffcb953240cd445e77c4d65582dba198eec33c247891bed32de7b88c22f177e07c094716210623d1381c4cbb68fc5ad048cc24e3b |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansChakma-Regular.ttf
| MD5 | 82f2c632a76dc9922cd85630d0c97db9 |
| SHA1 | 4558e69543903a058b3d5a7b8f50a6dea8ea50f9 |
| SHA256 | 60ce1d029e35b432dd68cc9f6c94f69bd84d8c97f28f06130186606dd2c3325d |
| SHA512 | cbfe37179fa4bd8618eade5e5168dcfab9d784586319014692bcfc7f767187e4beee24b3afb471abdd9adde747eaf51648926ed1a790e9f8458152c283fb34e0 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCanadianAboriginal-Regular.ttf
| MD5 | fc6ec655d6a00c567119522854e24172 |
| SHA1 | b72baef2dc0aca98cf7d3458cc027f4b0622db08 |
| SHA256 | 0d188756c9c282bf31738af5373f2363cc8007bbbc8d5560fae5821ed4937611 |
| SHA512 | 0a0eb23751b5df39becbbb308b6b36e324ea6ec469d2167a795cc10fb3bc38cb7b3187a3a63566e280470b09a080c000280e3b9a01681a68f8a3f35c7a2f139a |
memory/1984-396-0x000001F45F5F0000-0x000001F45F600000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf
| MD5 | 34699ac8824cdb6593b4dbef605dd6b2 |
| SHA1 | 22ff82e35cbb1ac9053f767f404ee351786fe0c2 |
| SHA256 | 328d80e11e7f65f9b6e4bac12de32b7ce42154301c2a14ba92155e32e05939d6 |
| SHA512 | fe714d5d44c6c2f4f96b4349bff301a67749bcb084ade3a0270723f1fa6bd6061193c4d782cb663d63e2c32cc809f33a8114e2e0bc6915de2b04efc82b5de673 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf
| MD5 | bd4c30081a164037311e8712423c5bf2 |
| SHA1 | 2a13bc7987ca34644b075c1fe197ba293b4ca527 |
| SHA256 | bc19f17d7f6e8f280c2cc95ef6d1b67fac25becfe98722f482039a4d84f3c9ba |
| SHA512 | 2a20d113b73cbca311d08dba40dcb7f8ab9d5383f7590b61b785070f77204db9ab163557a420c6c96ede815643f82ffdf75bc59b5802284779ff237616734c66 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf
| MD5 | 7b5138efef2c02dda9cfae9917cd913f |
| SHA1 | b44b58f354c4a68e119df226f01ad763b2d1025c |
| SHA256 | 9f8b4dd091f19b111d24ea18daae81bea8684cc67de17ea1acd797e144bf20ba |
| SHA512 | 47e4cfd2218c91080fc4ccc3ac13dabe9efb7c96b981d53577177fb062973b9fad0052edcf2b0c663ff3b7a1d9e38e96586c93cb72618d64344b96e3df13204c |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | d8fb9306ac7066601ecb7c02b97aabc9 |
| SHA1 | 69f04998687ec7df6004d6c25f495b0a76312b32 |
| SHA256 | 21ec29719733b1b20706504c3d6c9de14ce9a363448683596770d7e1cd639ade |
| SHA512 | 668ba371dfedc17e80649f041471fcc352ccc58d1aa49865754d1ab1e1092e2bcf7969c42d2c45e780b8e8dc95111eb498cf71e649009bbe77791d38bc5fcec9 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf
| MD5 | 9390ee64243e5335b79e33e5e8311341 |
| SHA1 | c8d4b3ab79f6b12311eb4e4da29e709e583b5870 |
| SHA256 | cff9f0e51e7f1d95934cac31d9ad43ba453ee308c7b46a27803dc7e2e6c3adef |
| SHA512 | ad7b23dab247c5c71298c5023bc58bd1d00160145558d86ab75dd37de1f1017540bac544cd9bf1cb2802d19d2973c0cf189d05a980777de886ffb552ae923bc0 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf
| MD5 | 778376d22591a4a98bf83ac555ddf413 |
| SHA1 | 608172ca18450b4cc61ff6cc155f66cff55c5bf9 |
| SHA256 | 8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53 |
| SHA512 | e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf
| MD5 | f0b22427c3ddce97435c84ce50239878 |
| SHA1 | a4a61de819c79dc743df4c5b152382f7e2e7168d |
| SHA256 | 0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084 |
| SHA512 | ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 9872cf632de6e98c7fbc7749ff745c20 |
| SHA1 | 828c7a09dd6efa41b94fb70e320671a8e2c92cb6 |
| SHA256 | 6cdd5ef85cfabc8fe69ea1edd88798a3bde1f19cc32dda518cf85a61ff701da3 |
| SHA512 | cd884279a89aa9a7ad827b2bd91ae2786f752016dc3ca0010309d2247c8031951af324ceb75e1e027de509dce364e906af5b0f97a590e6a164c82ba618b415af |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf
| MD5 | 12764d72c2cee67144991a62e8e0d1c5 |
| SHA1 | f61be58fea99ad23ef720fbc189673a6e3fd6a64 |
| SHA256 | 194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d |
| SHA512 | fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf
| MD5 | ac01114123630edca1bd86dc859c65e7 |
| SHA1 | f7e68b5f5e52814121077d40a845a90214b29d41 |
| SHA256 | 1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c |
| SHA512 | 1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf
| MD5 | e782457ebb0389715abdf5a9e20b3234 |
| SHA1 | e0d9ad78d1972d056d015452ed8dee529e8bb24b |
| SHA256 | 0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461 |
| SHA512 | 3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf
| MD5 | 27dfbbe8ee4015763e3c51d73474e94a |
| SHA1 | 4328cdc9a3f9c6b7df0624c81afbd3459f213e40 |
| SHA256 | b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e |
| SHA512 | 42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375 |
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt
| MD5 | 793eae5fb25086c0e169081b6034a053 |
| SHA1 | 3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475 |
| SHA256 | 14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980 |
| SHA512 | 5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
| MD5 | 7fba44cb533472c1e260d1f28892d86b |
| SHA1 | 727dce051fc511e000053952d568f77b538107bb |
| SHA256 | 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf |
| SHA512 | 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031 |
memory/1984-486-0x000001F4649A0000-0x000001F4649B0000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | 6a4814c17c2e7331fbb554f2c07e2161 |
| SHA1 | 5fe2ad5ce3ad05ca5cda350c36be9245a271f954 |
| SHA256 | 07988b4ba498ec6cb1c9c9aca470e408a22843582b77bea6e5a7b6567f25d75b |
| SHA512 | bd4f3067e2a5e6e739ee48e826e045a4e9dcb55fea4c4b39ed2836ef8d7ea2e2925c364c28f8cbfe74fc7b6efdbf0b67f2b81fb017763d927b7fc9dcd27ea505 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | 0f2e2cca308618d200a5e759fa3aa87e |
| SHA1 | 65bfc4f32f4de63db5e133dd062cba74eef1a08d |
| SHA256 | 542c12c6902f1ceeff26afd590a45f7e2c66f8da9e0c8f10420bb809e7354bb3 |
| SHA512 | 4895e1a93f1c5f444017c85e7c4ac3debdf076e16ccf9ba346c997cbcff57ab00f4b9ff1eb6c46f0c5ba3e6a518933c28d5301d86bf086bb453356b69170706f |
memory/4224-554-0x000001E90CFB0000-0x000001E90CFE1000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 5328a03932313e7832a9293b3bbc94de |
| SHA1 | e43950e7d80a0f042c8009e57b4f169b1f71aaa8 |
| SHA256 | 5c3367c47e58a3a4b3b7601dffd06fd35f3cfc21deb0ec7ef2843545b0c529f9 |
| SHA512 | 72ac788b5607353f3037f974f136456b258f7d3eeb8888c215f90e604b9188d8588dd4283d63b76458af200f9173ba6fa05cd27bf434ff43fa3906580d47fc68 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | 1a14a075573b7cde81aaf721b1b4adf1 |
| SHA1 | a76966201970e9cb7d6acb1f633d455396707596 |
| SHA256 | df3a08dad9f097adfbd34d6aca2f099f14c2e1fcc1c5eb7db747a7de16bce7fa |
| SHA512 | 9c768bc7ab2d8de9055894e8db1fa126b9537b7547bc8fd47ad67a0ec7037be12f7fb24ad2ea3d947eb00b7d51171dbc3a17134c4751d04ac712630a500e1fd1 |
memory/2616-583-0x000002D0CF0F0000-0x000002D0CF121000-memory.dmp
memory/484-584-0x000001C774640000-0x000001C774671000-memory.dmp
memory/2064-586-0x000001A002820000-0x000001A002851000-memory.dmp
memory/3316-587-0x000001E36F6A0000-0x000001E36F6D1000-memory.dmp
memory/3764-585-0x0000029A535F0000-0x0000029A53621000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus
| MD5 | e4bd25ebebbf9f5c56428fa80a78b4cb |
| SHA1 | 9508ba9c2f7a5c7197011d668b17ac3714a67b24 |
| SHA256 | 09d8368424b1adab39c7542a46c7a1edef203c107e6df6f3ade60d7af9521ccd |
| SHA512 | d7971af2d8357cd7ee6fa10176d1d959a60175dd54658dd168ca2f094253e2de95a0959341aebbb25754315bbb4e37e0bd195be7104a06c17403ff4a92c5f02b |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
| MD5 | 0f6a23ce283311312229adedd4bfd231 |
| SHA1 | 22855e7141ad6421dac9870794123c29b5702583 |
| SHA256 | 55eef12287d391d62d729d13b474fc3c64eb4807065d1d51ae611b6f703b9570 |
| SHA512 | d4dfe55a7ee7999e7dfb819dcfaf7f18c4c8ebb0a7e05af4f1e45a0c0b9d2fefdcd89b45894973879ee105cea0188f56d63701d569db314b0d05a6a732f4e1c1 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new
| MD5 | 8ceb73233e00ca40caebe048ced800fe |
| SHA1 | ea84911088884677155b01c5bd8d32a3e1b65c5e |
| SHA256 | 16802d8852afc56aa13859f23ea9a21c4107039ae26ed99f7f24e967ce8c91e1 |
| SHA512 | 2081de8f3c230c569f784fb637a082abe6125fb29f1ab7ba8346db4766c0c05d36db81466082f4b163e5b8a4cfa554df74a06edae1e6ac552b3aa82c49541ed1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
140s
Max time network
152s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
memory/1960-0-0x00007FF862970000-0x00007FF86297B000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
84s
Max time network
97s
Command Line
Signatures
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Browser\\AccessibleMarshal.dll" | C:\Windows\system32\regsvr32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods\ = "18" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ = "ISimpleDOMText" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\NumMethods\ = "8" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Interface | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ = "ISimpleDOMDocument" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Browser\\AccessibleMarshal.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\NumMethods\ = "9" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ = "PSFactoryBuffer" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ = "ISimpleDOMNode" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Browser\AccessibleMarshal.dll
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
140s
Max time network
152s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\PluggableTransports\conjure-client.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\PluggableTransports\conjure-client.exe"
Network
| Country | Destination | Domain | Proto |
| IE | 52.111.236.22:443 | | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
150s
Max time network
158s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.19:443 | | tcp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
147s
Max time network
158s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Browser\fonts\NotoSansNKo-Regular.ps1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
memory/1004-0-0x00007FFD081D3000-0x00007FFD081D5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_eh4h3ldm.wfk.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1004-9-0x000001FAE0920000-0x000001FAE0942000-memory.dmp
memory/1004-10-0x00007FFD081D0000-0x00007FFD08C92000-memory.dmp
memory/1004-11-0x00007FFD081D0000-0x00007FFD08C92000-memory.dmp
memory/1004-12-0x00007FFD081D0000-0x00007FFD08C92000-memory.dmp
memory/1004-15-0x00007FFD081D0000-0x00007FFD08C92000-memory.dmp
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
83s
Max time network
96s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Browser\plugin-container.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\plugin-container.exe"
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
89s
Max time network
97s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\softokn3.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:09
Platform
win11-20240508-en
Max time kernel
145s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\chrome\browser\content\browser\migration\migration-dialog-window.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
83s
Max time network
97s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
Network
Files
memory/980-0-0x00007FF95FC80000-0x00007FF95FC8F000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\PluggableTransports\snowflake-client.exe
"C:\Users\Admin\AppData\Local\Temp\Browser\TorBrowser\Tor\PluggableTransports\snowflake-client.exe"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
84s
Max time network
102s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\freebl3.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
84s
Max time network
104s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| IE | 52.111.236.21:443 | N/A | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
84s
Max time network
103s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\nssckbi.dll,#1
Network
| Country | Destination | Domain | Proto |
| NL | 52.111.243.29:443 | N/A | tcp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
83s
Max time network
97s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\xul.dll,#1
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
148s
Max time network
164s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files
memory/784-0-0x00007FF9A9A00000-0x00007FF9A9A0D000-memory.dmp
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240508-en
Max time kernel
83s
Max time network
101s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\mozavutil.dll,#1
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
83s
Max time network
99s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Browser\defaults\pref\channel-prefs.js
Network
| Country | Destination | Domain | Proto |
| IE | 52.111.236.21:443 | N/A | tcp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
90s
Max time network
98s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\ipcclientcerts.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:09
Platform
win11-20240508-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\chrome\browser\content\browser\migration\migration-dialog-window.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff848ac3cb8,0x7ff848ac3cc8,0x7ff848ac3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,16166696606691978081,15166427618563804962,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4868 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c1c7e2f451eb3836d23007799bc21d5f |
| SHA1 | 11a25f6055210aa7f99d77346b0d4f1dc123ce79 |
| SHA256 | 429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800 |
| SHA512 | 2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34 |
\??\pipe\LOCAL\crashpad_3872_LILOZSMCRDBRPNOX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6876cbd342d4d6b236f44f52c50f780f |
| SHA1 | a215cf6a499bfb67a3266d211844ec4c82128d83 |
| SHA256 | ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e |
| SHA512 | dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c15d1ddcfe9b7b1d8a3706b0bc3cf75 |
| SHA1 | e5c34cc3c2a92a1ddbd52606362154a57cdb5d9d |
| SHA256 | a08e1788f3a739cc845d783c9406fe96bca7af592ffaf2d5e5759b543bd2639b |
| SHA512 | 892b35929050064cab70e042f963019030739360ca36e8e0db168418ff4ef7611d3a91438412936f8fa451a04e8804d38057fae3ac56255accf4be906be07210 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 987c7ca7de436a8928b14ecc57c18583 |
| SHA1 | ce0f292a569af376378ff605ec259813d642d948 |
| SHA256 | daf7952b552dc122372394a3af355d287d506392ac3356d7266f607a86cdebf2 |
| SHA512 | aa66f4e4f59c1b220596f5a67fd580a0104f34c73f69313d51aaa47f09121b082fb0db270951671dd51a6a5bd7c74978e68fb0058cf5e052df4c48c671617326 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 063a96e1e3b7d0485d50c16029387707 |
| SHA1 | d68f5adc22892c1f34616401821efff1eb70b91a |
| SHA256 | 5670293265415c9a31a398f1a57a218b113be83ea255a2cf4d9edbea7ed11eb3 |
| SHA512 | c49b4b5c462db664634b6b1272341efc34af7b865de6218826761a1a090ccdeabec641fa7965ae3b6698b0315d9fda96f6e2992d98b39cc831ed463af1e93b84 |
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-25 22:03
Reported
2024-05-25 22:10
Platform
win11-20240426-en
Max time kernel
82s
Max time network
101s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Browser\lgpllibs.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | N/A | tcp |