Resubmissions

27/06/2024, 22:14

240627-15qhvswgll 6

25/06/2024, 12:16

240625-pfngesscmm 10

Analysis

  • max time kernel
    500s
  • max time network
    502s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/06/2024, 12:16

General

  • Target

    https://github.com/kh4sh3i/Ransomware-Samples

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___D4F8OFCW_.txt

Family

cerber

Ransom Note
CERBER RANSOMWARE
-----
YOUR DOCUMENTS, PH0TOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!
-----
The only way to decrypt y0ur files is to receive the private key and decryption program.
To receive the private key and decryption program go to any decrypted folder, inside there is the special file (*_READ_THIS_FILE_*) with complete instructions how to decrypt your files.
If you cannot find any (*_READ_THIS_FILE_*) file at your PC, follow the instructions below:
-----
1. Download "Tor Browser" from https://www.torproject.org/ and install it.
2. In the "Tor Browser" open your personal page here: http://p27dokhpz2n7nvgr.onion/8A9D-069A-1384-0446-93BE
Note! This page is available via "Tor Browser" only.
-----
Also you can use temporary addresses on your personal page without using "Tor Browser".
-----
1. http://p27dokhpz2n7nvgr.12hygy.top/8A9D-069A-1384-0446-93BE
2. http://p27dokhpz2n7nvgr.14ewqv.top/8A9D-069A-1384-0446-93BE
3. http://p27dokhpz2n7nvgr.14vvrc.top/8A9D-069A-1384-0446-93BE
4. http://p27dokhpz2n7nvgr.129p1t.top/8A9D-069A-1384-0446-93BE
5. http://p27dokhpz2n7nvgr.1apgrn.top/8A9D-069A-1384-0446-93BE
-----
Note! These are temporary addresses! They will be available for a limited amount of time!
-----
URLs

http://p27dokhpz2n7nvgr.onion/8A9D-069A-1384-0446-93BE

http://p27dokhpz2n7nvgr.12hygy.top/8A9D-069A-1384-0446-93BE

http://p27dokhpz2n7nvgr.14ewqv.top/8A9D-069A-1384-0446-93BE

http://p27dokhpz2n7nvgr.14vvrc.top/8A9D-069A-1384-0446-93BE

http://p27dokhpz2n7nvgr.129p1t.top/8A9D-069A-1384-0446-93BE

http://p27dokhpz2n7nvgr.1apgrn.top/8A9D-069A-1384-0446-93BE

Extracted

Path

C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___4OM3_.hta

Family

cerber

Ransom Note

Signatures

  • Cerber

    Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

  • Contacts a large (1133) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 24 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Drops file in System32 directory 38 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Program Files directory 20 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • Checks processor information in registry 2 TTPs 18 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 6 IoCs
  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 59 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/kh4sh3i/Ransomware-Samples
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd15c7ab58,0x7ffd15c7ab68,0x7ffd15c7ab78
      2⤵
        PID:2228
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:2
        2⤵
          PID:4124
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:8
          2⤵
            PID:1892
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:8
            2⤵
              PID:2592
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:1
              2⤵
                PID:2156
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:1
                2⤵
                  PID:4208
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:8
                  2⤵
                    PID:1884
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:8
                    2⤵
                      PID:4840
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:8
                      2⤵
                        PID:2128
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:8
                        2⤵
                          PID:4864
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:8
                          2⤵
                            PID:4896
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3168
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1904,i,9184197726976733274,8220141299316214129,131072 /prefetch:8
                            2⤵
                              PID:620
                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                            "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                            1⤵
                              PID:2264
                            • C:\Windows\System32\rundll32.exe
                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                              1⤵
                                PID:1584
                              • C:\Windows\system32\OpenWith.exe
                                C:\Windows\system32\OpenWith.exe -Embedding
                                1⤵
                                • Modifies registry class
                                • Suspicious use of SetWindowsHookEx
                                PID:2412
                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cerber.zip\cerber.exe
                                "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cerber.zip\cerber.exe"
                                1⤵
                                • Drops startup file
                                • Drops file in System32 directory
                                • Sets desktop wallpaper using registry
                                • Drops file in Program Files directory
                                • Drops file in Windows directory
                                • Modifies registry class
                                PID:2776
                                • C:\Windows\SysWOW64\netsh.exe
                                  C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
                                  2⤵
                                  • Modifies Windows Firewall
                                  • Event Triggered Execution: Netsh Helper DLL
                                  PID:4484
                                • C:\Windows\SysWOW64\netsh.exe
                                  C:\Windows\system32\netsh.exe advfirewall reset
                                  2⤵
                                  • Modifies Windows Firewall
                                  • Event Triggered Execution: Netsh Helper DLL
                                  PID:5000
                                • C:\Windows\SysWOW64\mshta.exe
                                  "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___KQS1PL_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                  2⤵
                                    PID:2692
                                  • C:\Windows\SysWOW64\NOTEPAD.EXE
                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___YQRGT_.txt
                                    2⤵
                                    • Opens file in notepad (likely ransom note)
                                    PID:2240
                                  • C:\Windows\SysWOW64\cmd.exe
                                    "C:\Windows\system32\cmd.exe"
                                    2⤵
                                      PID:2804
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im "cerber.exe"
                                        3⤵
                                        • Kills process with taskkill
                                        PID:3616
                                      • C:\Windows\SysWOW64\PING.EXE
                                        ping -n 1 127.0.0.1
                                        3⤵
                                        • Runs ping.exe
                                        PID:1188
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe"
                                    1⤵
                                      PID:4360
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe"
                                        2⤵
                                        • Checks processor information in registry
                                        • Modifies registry class
                                        • NTFS ADS
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of SendNotifyMessage
                                        • Suspicious use of SetWindowsHookEx
                                        PID:2712
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.0.314116649\1410770549" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1768 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b901c2f4-f3d0-4a4d-97b5-a79e876d6945} 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 1852 2406b50cf58 gpu
                                          3⤵
                                            PID:1512
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.1.1026901038\1312049847" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc3f0434-7918-46fa-97e3-ffcd5caa48db} 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 2420 24057189f58 socket
                                            3⤵
                                              PID:4780
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.2.284371588\1413421294" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22903b18-c6ae-4b66-8d00-211dc5b88a30} 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 2980 2406dde1e58 tab
                                              3⤵
                                                PID:3936
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.3.2120177084\1030092607" -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 3676 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55024db9-7eb9-4c42-8269-87242f0bd246} 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 3652 2407056a658 tab
                                                3⤵
                                                  PID:796
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.4.1182994689\361788944" -childID 3 -isForBrowser -prefsHandle 5108 -prefMapHandle 4304 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f39e14d7-17d1-49db-a650-b0e2febc7def} 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 5112 2407214b658 tab
                                                  3⤵
                                                    PID:5156
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.5.1636610090\143288811" -childID 4 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {236619ca-cfec-4170-bf8f-a350cd7e57c0} 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 5248 24072c6ea58 tab
                                                    3⤵
                                                      PID:5164
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.6.1004052045\1523453491" -childID 5 -isForBrowser -prefsHandle 5452 -prefMapHandle 5456 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4a419fd-160d-497f-9740-964820f63064} 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 5448 24072c6f958 tab
                                                      3⤵
                                                        PID:5172
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.7.49422565\899828284" -childID 6 -isForBrowser -prefsHandle 5280 -prefMapHandle 2792 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {162f9e57-23cb-49c7-8f4c-45bf78dc3cc5} 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 5292 24070df1f58 tab
                                                        3⤵
                                                          PID:5532
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.8.1971800088\1075905169" -childID 7 -isForBrowser -prefsHandle 6252 -prefMapHandle 6248 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c3ffaf8-7d02-4aa8-bec4-1e91c9a16821} 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 6260 24074a21458 tab
                                                          3⤵
                                                            PID:5980
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2712.9.569731205\324256072" -childID 8 -isForBrowser -prefsHandle 6212 -prefMapHandle 5412 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c51be9d-5713-4289-aa04-a9ac9c87121a} 2712 "\\.\pipe\gecko-crash-server-pipe.2712" 6160 2407361a858 tab
                                                            3⤵
                                                              PID:5908
                                                        • C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.exe
                                                          "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.exe"
                                                          1⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Modifies registry class
                                                          PID:5236
                                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:5860
                                                            • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                              "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
                                                              3⤵
                                                              • Checks computer location settings
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Checks whether UAC is enabled
                                                              • Checks processor information in registry
                                                              • Suspicious use of FindShellTrayWindow
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:3752
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3752.0.1598701598\1207266703" -parentBuildID 20240611120000 -prefsHandle 2764 -prefMapHandle 2756 -prefsLen 19245 -prefMapSize 240228 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {45c3587e-3b39-40a4-a186-58904ae219cc} 3752 gpu
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:2284
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3752.1.533885942\1827117215" -childID 1 -isForBrowser -prefsHandle 2156 -prefMapHandle 1764 -prefsLen 20081 -prefMapSize 240228 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4f61b0e5-69ce-417f-9bc8-f0e29dc5eed8} 3752 tab
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:5836
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:f5fffc56abf0f99d602a2a04310eb68a2bc6355d80dccd62948467182a +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 3752 DisableNetwork 1
                                                                4⤵
                                                                • Executes dropped EXE
                                                                PID:4828
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3752.2.1509298613\1316471605" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 2208 -prefsLen 20893 -prefMapSize 240228 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {76d409b2-9ba6-4b07-9b36-1d02e662c26b} 3752 tab
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:1172
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3752.3.43959315\1053405611" -childID 3 -isForBrowser -prefsHandle 3244 -prefMapHandle 3380 -prefsLen 20970 -prefMapSize 240228 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {94c2fa2b-c8f6-48c4-bf7b-ea4e53eb9e7d} 3752 tab
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:1304
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3752.4.707369325\248207612" -parentBuildID 20240611120000 -prefsHandle 1720 -prefMapHandle 3328 -prefsLen 24174 -prefMapSize 240228 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f79de4cf-9318-42eb-85b7-1f0981847e44} 3752 rdd
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:6288
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3752.5.1689940316\585174093" -childID 4 -isForBrowser -prefsHandle 3176 -prefMapHandle 3108 -prefsLen 22491 -prefMapSize 240228 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {12386602-7f0a-474a-9003-c818a37ab55e} 3752 tab
                                                                4⤵
                                                                • Checks computer location settings
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:6204
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3752.6.967290885\1644964838" -childID 5 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 22491 -prefMapSize 240228 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {9869e7f1-02c7-4e5a-806b-a6500bd518ab} 3752 tab
                                                                4⤵
                                                                • Checks computer location settings
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:6260
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3752.7.2073573922\1282515895" -childID 6 -isForBrowser -prefsHandle 4424 -prefMapHandle 4428 -prefsLen 22491 -prefMapSize 240228 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {30e5299f-dada-467e-b58f-22cb5d669f78} 3752 tab
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:6404
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3752.8.1815261364\1929375317" -childID 7 -isForBrowser -prefsHandle 4764 -prefMapHandle 4760 -prefsLen 22614 -prefMapSize 240228 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {13706f1b-f04b-4817-b5ce-3b6966ba21b8} 3752 tab
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:6916
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3752.9.902238893\1084747525" -childID 8 -isForBrowser -prefsHandle 4204 -prefMapHandle 4200 -prefsLen 22989 -prefMapSize 240228 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5969b74b-e9a4-4196-804c-34310337abfb} 3752 tab
                                                                4⤵
                                                                • Executes dropped EXE
                                                                PID:5568
                                                        • C:\Windows\system32\NOTEPAD.EXE
                                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___YQRGT_.txt
                                                          1⤵
                                                          • Opens file in notepad (likely ransom note)
                                                          PID:6180
                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
                                                          1⤵
                                                          • Executes dropped EXE
                                                          PID:7064
                                                          • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                            "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
                                                            2⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Checks whether UAC is enabled
                                                            • Checks processor information in registry
                                                            • Modifies registry class
                                                            • Suspicious use of FindShellTrayWindow
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:5780
                                                            • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                              "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5780.0.138349930\1149177944" -parentBuildID 20240611120000 -prefsHandle 1884 -prefMapHandle 1868 -prefsLen 21673 -prefMapSize 241692 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {16d03982-cc61-486e-959d-0b3b3ba5fece} 5780 gpu
                                                              3⤵
                                                              • Executes dropped EXE
                                                              PID:6540
                                                            • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
                                                              "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:a40c166011e4694c60f872d470c3d54a428f9ad03299a520e10c074209 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 5780 DisableNetwork 1
                                                              3⤵
                                                              • Executes dropped EXE
                                                              PID:7076
                                                            • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                              "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5780.1.688198768\1784041398" -childID 1 -isForBrowser -prefsHandle 2796 -prefMapHandle 2792 -prefsLen 21747 -prefMapSize 241692 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3af440f0-f7f8-4825-b232-b78c01087081} 5780 tab
                                                              3⤵
                                                              • Executes dropped EXE
                                                              PID:7128
                                                            • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                              "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5780.2.921853254\1270524993" -childID 2 -isForBrowser -prefsHandle 3172 -prefMapHandle 3176 -prefsLen 21877 -prefMapSize 241692 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {39eb0386-192c-4063-b05a-c5bdf002b2fe} 5780 tab
                                                              3⤵
                                                              • Executes dropped EXE
                                                              PID:6980
                                                            • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                              "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5780.3.335209863\301948741" -childID 3 -isForBrowser -prefsHandle 3872 -prefMapHandle 3868 -prefsLen 20713 -prefMapSize 241692 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {17895404-77b4-464d-8ae3-5b3fbdb6729d} 5780 tab
                                                              3⤵
                                                              • Executes dropped EXE
                                                              PID:964
                                                            • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                              "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5780.4.284770401\1267985546" -childID 4 -isForBrowser -prefsHandle 4020 -prefMapHandle 4024 -prefsLen 20713 -prefMapSize 241692 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {74632e97-176f-4807-a41b-521c618186fc} 5780 tab
                                                              3⤵
                                                              • Checks computer location settings
                                                              • Executes dropped EXE
                                                              PID:1124
                                                            • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                              "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5780.5.1102099108\84068797" -childID 5 -isForBrowser -prefsHandle 4220 -prefMapHandle 4224 -prefsLen 20713 -prefMapSize 241692 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fb0d9fa9-7d26-41e7-a2d6-2f7f9fc48e9f} 5780 tab
                                                              3⤵
                                                              • Executes dropped EXE
                                                              PID:7124
                                                            • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                              "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5780.6.1982623251\959742763" -childID 6 -isForBrowser -prefsHandle 4052 -prefMapHandle 1828 -prefsLen 21225 -prefMapSize 241692 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c7b95b64-b1ba-4ee9-a533-a676410e7dbc} 5780 tab
                                                              3⤵
                                                              • Executes dropped EXE
                                                              PID:6408

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Downloads

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

                                                          Filesize

                                                          37KB

                                                          MD5

                                                          2f68d90da267ebb0cacf16a200add3f7

                                                          SHA1

                                                          d246141eb575d54d6535451c9df2df25f240f426

                                                          SHA256

                                                          8007bd0e2aef26451946dccbb7ec087c329ab94355baf784a6d25917c74dd9ef

                                                          SHA512

                                                          70e9149199825ad6b31b60ec3595a2582b3aa8c1910c6fd0256728304959ff4c95fad74b356f1e99ccd40c9d2b6b1d74701cbb49c966e22ae2dd086220a8f334

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

                                                          Filesize

                                                          37KB

                                                          MD5

                                                          669b1563b95fce26d9ddc3c7e9bdc538

                                                          SHA1

                                                          275e4ae2606a0da908003b77ea06b24ea8b66214

                                                          SHA256

                                                          d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667

                                                          SHA512

                                                          09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

                                                          Filesize

                                                          20KB

                                                          MD5

                                                          10931e6644261e0333a682d55db8125b

                                                          SHA1

                                                          13d50ed13f366c583219d8ebb758fae10e6e62a5

                                                          SHA256

                                                          c6410eee37d64b5db1d6bc8df97b31db2a65237933fb41585d044d1960bfedaf

                                                          SHA512

                                                          ea748be7c53ed7dd4925d350323bc33de97414d51a2fa21e8e048b3d250be24d44da6065ce19172a5b5a2810ba2ad62ef9ee5a7e797047401cc60e9b87f484f4

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

                                                          Filesize

                                                          36KB

                                                          MD5

                                                          01369d5062d49b270c8dd6ab535bc403

                                                          SHA1

                                                          39c654df64cd7386081da8108f23573f331debab

                                                          SHA256

                                                          ed672ed37bfdadddb835de8c346655a17b653094197a2d6080e6777fa59785ea

                                                          SHA512

                                                          de704934135717cb62e4d15ef1666e78b3d43c17ff5d50b279c21a5318ac2ce0cea88ebeb17b66f4668e1ca1a8801bdd6bab0194b157b1da6bd90c71b29da08e

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

                                                          Filesize

                                                          22KB

                                                          MD5

                                                          1ac27973084a93966f6a90d5b518e258

                                                          SHA1

                                                          787986ea7a061e18e3d858c919a7692c6d100ed3

                                                          SHA256

                                                          f8a4c49273653af8dff6bc5e910bdc5a4ca5496c60f0221cfbf3da26df2388f8

                                                          SHA512

                                                          3bbd2a13f7583890c4730aa4fbe49bd1d280950e28917389177b6eddfdfaee6b1969efa3e4741c6ab21e9f83154540ed80652f3c1c9145fd2fa6a0687b6aa461

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          3KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          3KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          2KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          2KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                          Filesize

                                                          2B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          7KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          7KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          7KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          7KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          7KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          138KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                          Filesize

                                                          97KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f201.TMP

                                                          Filesize

                                                          88KB


                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\activity-stream.discovery_stream.json.tmp

                                                          Filesize

                                                          27KB


                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\13464

                                                          Filesize

                                                          9KB


                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

                                                          Filesize

                                                          13KB


                                                        • C:\Users\Admin\AppData\Local\Temp\nsv3051.tmp\LangDLL.dll

                                                          Filesize

                                                          7KB


                                                        • C:\Users\Admin\AppData\Local\Temp\nsv3051.tmp\System.dll

                                                          Filesize

                                                          24KB


                                                        • C:\Users\Admin\AppData\Local\Temp\nsv3051.tmp\nsDialogs.dll

                                                          Filesize

                                                          13KB


                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                          Filesize

                                                          442KB


                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                          Filesize

                                                          8.0MB


                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___4OM3_.hta

                                                          Filesize

                                                          75KB

                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___D4F8OFCW_.txt

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                                          Filesize

                                                          15KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                                                          Filesize

                                                          997KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                                                          Filesize

                                                          116B

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                                                          Filesize

                                                          479B

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                                                          Filesize

                                                          372B

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                                                          Filesize

                                                          11.8MB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs-1.js

                                                          Filesize

                                                          8KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs-1.js

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs-1.js

                                                          Filesize

                                                          7KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs.js

                                                          Filesize

                                                          7KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4

                                                          Filesize

                                                          4KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4

                                                          Filesize

                                                          5KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4

                                                          Filesize

                                                          4KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4

                                                          Filesize

                                                          4KB

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

                                                          Filesize

                                                          182B

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

                                                          Filesize

                                                          27KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

                                                          Filesize

                                                          5KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

                                                          Filesize

                                                          5KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

                                                          Filesize

                                                          5KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

                                                          Filesize

                                                          5KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

                                                          Filesize

                                                          53B

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

                                                          Filesize

                                                          90B

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                          Filesize

                                                          160KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

                                                          Filesize

                                                          103B

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

                                                          Filesize

                                                          2.4MB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

                                                          Filesize

                                                          7.8MB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

                                                          Filesize

                                                          24.6MB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

                                                          Filesize

                                                          429B

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

                                                          Filesize

                                                          42B

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

                                                          Filesize

                                                          930KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

                                                          Filesize

                                                          1.8MB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

                                                          Filesize

                                                          297B

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

                                                          Filesize

                                                          225KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

                                                          Filesize

                                                          589KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

                                                          Filesize

                                                          91KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

                                                          Filesize

                                                          128KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

                                                          Filesize

                                                          224KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

                                                          Filesize

                                                          7KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

                                                          Filesize

                                                          21KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

                                                          Filesize

                                                          198KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

                                                          Filesize

                                                          7KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf

                                                          Filesize

                                                          5KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCanadianAboriginal-Regular.ttf

                                                          Filesize

                                                          111KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

                                                          Filesize

                                                          690KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

                                                          Filesize

                                                          43KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

                                                          Filesize

                                                          1.4MB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

                                                          Filesize

                                                          2.5MB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

                                                          Filesize

                                                          472KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

                                                          Filesize

                                                          18.4MB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

                                                          Filesize

                                                          288KB

                                                        • C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

                                                          Filesize

                                                          829B

                                                        • C:\Users\Admin\Downloads\Ransomware.Cerber.zip

                                                          Filesize

                                                          215KB

                                                        • C:\Users\Admin\Downloads\Ransomware.Matsnu.zip

                                                          Filesize

                                                          62KB

                                                        • C:\Users\Admin\Downloads\Ransomware.WannaCry_Plus.zip

                                                          Filesize

                                                          2.3MB

