aba769c8e9376dc1cb06b0f3cae44f5b3b1429e25398c146ff37ef9816c84d3d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nieuw project (5).png
Size

130KB
MD5

18cae9513b1e090c7ffc58a0d5af3ada
SHA1

2d576e98695760ed72e70bc2053b26f69e2d8497
SHA256

aba769c8e9376dc1cb06b0f3cae44f5b3b1429e25398c146ff37ef9816c84d3d
SHA512

8b67cb72b95fa53afcea6e9b700964eed54c95483fa52ae59da715959bb6ec39251cdb9fc024a8b0bec1a35031b6d8c6f2c34f06fa4f8d7fed561c9a2ade81ae
SSDEEP

3072:LvBK8ij1za0XqeUh4z2j6XoU9Ht/Ybz01eG0DdmCQ:zBo1+YXB2eXnFY/TG0DdQ

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.5.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 13 IoCs

pid	Process
4648	tor-browser-windows-x86_64-portable-13.5.exe
2556	firefox.exe
4980	firefox.exe
4920	firefox.exe
4812	firefox.exe
3204	firefox.exe
1208	tor.exe
4132	firefox.exe
2912	firefox.exe
4400	firefox.exe
1772	firefox.exe
2552	firefox.exe
5972	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
4648	tor-browser-windows-x86_64-portable-13.5.exe
4648	tor-browser-windows-x86_64-portable-13.5.exe
4648	tor-browser-windows-x86_64-portable-13.5.exe
2556	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4920	firefox.exe
4920	firefox.exe
4920	firefox.exe
4920	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
3204	firefox.exe
3204	firefox.exe
3204	firefox.exe
3204	firefox.exe
4132	firefox.exe
4132	firefox.exe
4132	firefox.exe
4132	firefox.exe
4812	firefox.exe
4812	firefox.exe
3204	firefox.exe
3204	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
4132	firefox.exe
4132	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
2552	firefox.exe
2552	firefox.exe
2552	firefox.exe
2552	firefox.exe
2552	firefox.exe
2552	firefox.exe
4400	firefox.exe
4400	firefox.exe
1772	firefox.exe
1772	firefox.exe
5972	firefox.exe
5972	firefox.exe
5972	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639621648099746"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.5.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
4980	firefox.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 3216	1700	chrome.exe	98
PID 1700 wrote to memory of 3216	1700	chrome.exe	98
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 1284	1700	chrome.exe	99
PID 1700 wrote to memory of 3124	1700	chrome.exe	100
PID 1700 wrote to memory of 3124	1700	chrome.exe	100
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101
PID 1700 wrote to memory of 1496	1700	chrome.exe	101

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Nieuw project (5).png"
1⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbfd23ab58,0x7ffbfd23ab68,0x7ffbfd23ab78
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:2
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5084 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4156 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5144 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3436 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2524 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3440 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 --field-trial-handle=1928,i,5961264579609872458,1593152842941293835,131072 /prefetch:8
  2⤵
  PID:3848
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:4648
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2556
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:4980
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4980.0.545509577\609428061" -parentBuildID 20240611120000 -prefsHandle 2648 -prefMapHandle 2572 -prefsLen 19245 -prefMapSize 240228 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ae731c2d-685d-42e3-82eb-5dade48c1656} 4980 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4920
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4980.1.1272762707\2097841592" -childID 1 -isForBrowser -prefsHandle 1780 -prefMapHandle 1720 -prefsLen 20081 -prefMapSize 240228 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {829b2ee1-a132-46a3-8a47-95067c91b2c1} 4980 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4812
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:0d53ebb8c6fd363060ea3c8bec7a5b3bec6a78471e01d7ca0a9bda797d +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 4980 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:1208
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4980.2.1654006134\1291015114" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3452 -prefsLen 20893 -prefMapSize 240228 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7dd37abc-a6e7-4a3e-8bfb-6c92f4d395af} 4980 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3204
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4980.3.2134753353\568623303" -childID 3 -isForBrowser -prefsHandle 3444 -prefMapHandle 3452 -prefsLen 20970 -prefMapSize 240228 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {24395ea2-c180-4538-898b-6ec897a52942} 4980 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4132
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4980.4.968082722\21745271" -parentBuildID 20240611120000 -prefsHandle 3088 -prefMapHandle 3852 -prefsLen 22379 -prefMapSize 240228 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {21bd7258-854e-4a68-9c82-eae18dbafb6a} 4980 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2912
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4980.5.1028029388\1029072589" -childID 4 -isForBrowser -prefsHandle 3684 -prefMapHandle 3212 -prefsLen 22264 -prefMapSize 240228 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7c8e9eaf-8ca9-4b69-b3b6-4d348199bc06} 4980 tab
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4400
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4980.6.207784202\377304538" -childID 5 -isForBrowser -prefsHandle 4324 -prefMapHandle 4320 -prefsLen 22264 -prefMapSize 240228 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {48c036e8-274e-4036-9f3b-98ee2058290b} 4980 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1772
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4980.7.1296414311\49154595" -childID 6 -isForBrowser -prefsHandle 4452 -prefMapHandle 4456 -prefsLen 22264 -prefMapSize 240228 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7adf89b9-115d-4097-9cdf-311602af8ee9} 4980 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2552
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4980.8.482063033\2111864094" -childID 7 -isForBrowser -prefsHandle 4756 -prefMapHandle 4760 -prefsLen 22614 -prefMapSize 240228 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240611120000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7db49015-abec-44d3-95fc-9974aff99fd8} 4980 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5972

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c8d278789877c270915ef6c09ca16139

SHA1
2d3f78783018d87cebf7a85452468f8eaf06b4a1

SHA256
36bf452c3ba0a1c491b7adc0bffac1a377635e1263c29e25080045c5ca1ebfbe

SHA512
dec08f30713fcd2c2665d599b206585a05a9afdcbfcd078a6d731c729684309f6263f9b58ff3e98d4c378a2264f1abf23f7319e59e13ba6b1fddd3b0581b59ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
14b773ee1567eea37dce37fce33ddaa1

SHA1
a6ae2f67c8ee390b3338b51f124d4f949f361a67

SHA256
7e07787ba20c14e1d146909e9ea473d6d3b33792294f16b84a87cc6690b1cf5e

SHA512
244d9f6f501ebc8e3ec53b9fd2ea762a137a926a151e68a636cb3cb08780760b63610375b8926fd93467701aa3cf6280955aa2817b46d72d0985d2f192a6a621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7b5b3be87042beda37833a5396ff87cf

SHA1
fb1fd1a0453c93490a5b5174e457c8a67d129eea

SHA256
ff42de2bd7921be00e82cf465124626f455ac894143910545a4eb9e90e381c81

SHA512
d188773856f04eb34ff8c4eeaa10235f201117da872658a2293f73959b95d8b7887e3d5bbeb544dc77a4e11bf6e2dca60a524c325bcf95150f851f6fc4c1ddef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
2877c81eee8c23987a8f395815288367

SHA1
1354cc5d6322aeb2a3883a174aff42720af58ee3

SHA256
bc64709065fdeef5d13cd98ebd6560206a1afc75fecb419207989f53d67bce66

SHA512
bc024f3ac9d26e88cd7189efd61114aa9c13af19396b789549d3cff7fc5ebaaffc80aee2e2d63f5a2e325e1ef1851470475c92c19d18eaed7c49eb14207141c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2636c2d90bbc907814bc169cdf98a547

SHA1
bfa82c531ad674d7702f653800755150ded80787

SHA256
c8d8c705da85bf52e5fddffb6ce8f394026dca9b91d873c21f87b403fa523ba2

SHA512
647f539ed03b847b9dfaead00548b641eedc6c045371795f4e65cfd0adb4f658ee32a699a3a628ec748f7f48ede1843767c4882a50d5cd5199faba419e7a1a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe3617248a726cfa393e18041d29697d

SHA1
840bf609cc4ba8a95dd9c6ce6b1179d207f51f34

SHA256
070598967c44f7d3712ec8710405d242967dcdb3a1b2634fdd7dfd06d6dc757b

SHA512
d90c98a15cd2cc8c97e8e6b3b93a9dfd1de2201f1c53728055d98d6ca77a365e1a8eed0459131abc3a31164345ebbe924c84ce4fa34c40190a129eacf63f9ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a68f825669803a91d27971ceec416647

SHA1
2b9680c36c0f99f5c73da0bb77147ac1ab2a04be

SHA256
78565f71ac9ea8c05c1cbfff03b6e95aeeb069ebf5fd287e12cff57088bb7ff1

SHA512
b422d6ce7bba4b11ab7edf9bb368cd3be656d14faadc20e465e2cdbe8fb38be1ca925a1ba304b84336dfbc543b6e231d95a619123dddcef97964dc18c4b43130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
611a599e3ca005f88d63e6efd58bb1ae

SHA1
11caebbc6718eb6cf61407baaaa3d54fc5125e54

SHA256
63240443be0f50d0a7b525813efa17bd6f01b985707fb6a4c2b73d2ff73a6174

SHA512
e061aceaac2e63904a47a3fbd34d980d15806eec1a6a588fe12ce1598e0a08b98d6bc3320f311d5ff8e3880830bd1e37bbdeb27ac2214a01ee11d3e899598a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4234a004385e562d0881a6126c56ce1e

SHA1
1991d603f2edcaf71e4c7f3fed3db7634de99257

SHA256
0d32c749aa59ede215bbcc6899bd6e16ba3d654ea8839ceb37f6e54e030a4613

SHA512
7eb83fdc414ed63b749fda50016b53391f46c238ba9eb544e1bdda77606b8625ee69415b8b38c10b561e26b585fffc26f97389b21edffb623230a26215ec406b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c9fbcb0b09aa1470ba27e38724208d21

SHA1
7873388adc4b238f56c655bf484d666861e0ce5e

SHA256
d483549a7dc940b2aed18566e6f7d9600a8e9544163ef15fd25650a61ef74d3d

SHA512
0f48d3096a83a5e7e051a408059679c1f6acdb0723c1a4bb1276cbae4f480dc1b0bf8ac68e2c3e1036cf821bbc48c8c68757506cdaf4336da6be4eacfb7335a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
c4f24efaac1658716b24d737a19dcd26

SHA1
762d7c38ee7d556d54fb5ec170da338970e2eb3e

SHA256
516c2c6cfff6e4ef437eb23cbe60427ff2f7a67621942461022aaa6469280710

SHA512
e1d1b41b7972604232d2aae2e934eeb429dc07503c8c0591dc3247cf3cde4e78e9d387ec2f7c4364e0125627cb9b9a618ed7307622a1b4368793af2716c31faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
6256b3cfd32b8d4c12bf9357b8a10567

SHA1
ddae57804ea5d49b4ab170506c2205f06c7586f7

SHA256
6bf8c7fe66884b024adfe29b8873879c21fa2d4225e0eef6bc9287004bc4b3f4

SHA512
51da7f4ac21e0a5b7838dbb07a235ee0564e1022b80fd0c0f0342ee5692b365769cbb0507c3adee32a35f575de399eb9742697b13fed840a4e29f33ed5dea550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
3fb8a36ee4a1197d985969c3a71f47c9

SHA1
8e7b6c996be68c61477c5c847d6df979b0737a04

SHA256
81d84c4d0cd8d63f83edf35452bc8390a627a78ffbc3ec92cae31764159c8cae

SHA512
6cd18ab77ed9ad01a23e73b3da323b952048ed3d7bf232843bf7632558b2bcc1d348f4349bad1e9f69661d7128cb90401012312833834f4461592df7ab5fe2f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
2c97b34abbedb67e541e8c832fcc8cb7

SHA1
031517cc57c3cb4fe8d70b9b59e3409c7f232502

SHA256
5f3d1a62abf5219e5bdf04f4a22433e3f0b0330c6a386479d43146a7703c6d0a

SHA512
50166c8bf3d9123601df9d551d9e5d2a39776d9fe46d8fc3093ffb530becb1326782e5ef4d4826de77512c72618bf203699e01124e856de8afbb940a3b733a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580b84.TMP

Filesize
88KB

MD5
cccbb1ea1834c154f7deac8c58904902

SHA1
54d8e640e5ca4844def6127e281e4007581661e9

SHA256
a156f4bc70aba44801d963ec4ea5ec682b7831164935cfc13f9c8eeb0847f6d0

SHA512
c487039144d8c2b22fb9bdcc86ab47ac73f233c3d5205628ff8d65cd9f1ba20f8ce3db574386395075239a617db74a1a95e512f7dfc35e6df7b15c5aa69814ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
2eef35ac0887e049d77724e78d977d33

SHA1
16b90c84d714334b1c2f32bd34a5f372c4560193

SHA256
4f542746ece05f90e0d117ec24d8ac1e49c965f348fa5af6b33a67540671a2d8

SHA512
968527c3a7d1689111f96303871a940865fdfbd722adf4b4522c026aa5a7209ed8d185fea8d1c749df08f5cd022bdb9bd3ee3d23fce1594bb3aa7629d9e803ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf1153.tmp\LangDLL.dll

Filesize
7KB

MD5
d02e216c527f97b5cd320770cbe03a0d

SHA1
76a0bea3650c393341e240231cf999d11a3d8eb8

SHA256
cda679d62e2852d900f412239e7c01a64a928db6c0cc03b8fa0c1eabdfe815c4

SHA512
39d99ea0045e332f197f0d6430a71adaeaccd1c8e1028ad997ffa5527e5a0fe5dbdda62e02329ae1824abad43eedd64dbfb05a1e8e19010745bfe8d53e83d990

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf1153.tmp\System.dll

Filesize
24KB

MD5
62a6f7756aabaeafe2eaa8a1b19eeb99

SHA1
24b7ec2cf0712f03911fad6b7ccf933e0879fe5b

SHA256
4c4d8324fc74a61ed5477b6602fecd1f404f524e6c17c6d7a0b682f8521a29d7

SHA512
7d30a35811f4dc5e3c4714224ac2b143d17f6a1de744db230b3a74409c6705233831e340b13d468c612b9e924cf69a62a15164e601e62609c98a46cf4ec0562f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf1153.tmp\nsDialogs.dll

Filesize
13KB

MD5
6cac9c4cbadc065beeebe16e57279a9a

SHA1
26bcac80ab11c56d8d9de74a85ef2314044f96ca

SHA256
f33b3bfbb97fedfe2d77ebb894c7db5c32b8905bedab6c58248108021cf96bdb

SHA512
854b505ca4d17127fafabc8e4d903e097b6e77d4adcb2873185333a7fac68d6e903b2e8f3ce0df639ec3c44feb3666489405ee74d49f512700ab86cec4bc9e44

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
ae58fb942aac632a6656df8dae367c83

SHA1
6433a006c63b4dc57bbb28944020151f46997678

SHA256
913a2a94c0d99fd51580327cf6396753d1f30983d5bd6435dcb98c5e01454472

SHA512
d89dc2e5a908cfce7b416a028afd0c0c0a5d5525cd61343c55555d2e36c27965aeb55656767c6e8d3ebf6dcb5934dbc99925f016fcef3eb1244c4cc6e7885e3b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
ac207d9c60c0eeb195cf445fb2027470

SHA1
64cc898e1e5b1bc39e7befa33bb48a6ca3000a4c

SHA256
6a0289e729700f8e20f8974048081d9a469b1386e3d85f249b117355ca0b0e71

SHA512
3bf50ea8766610042fcbe16101a1ef5ca38e5a0401d8ee0639963a499c691658f36d85e46fbb8200d5ea825b6ceb4546e50619e228e0775935492b3771288c32

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
9bcdbf0362667c3ed7cdfc530e2c489c

SHA1
afb44f4b175d73b4d75abbe5bf4ed64fd00c0922

SHA256
d24e338e7d4e25cd0f288362d1e6b4da3d1094a67beda57b7a67bf6220390647

SHA512
2030b09c3d27b18ec98c90f3344329e67557f2111fafc5fad392262062ad0b72ac0f7e54c1aebeb28dcfd0a90217c4e5a534b870066e9cc0a03b99de53891168

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
1ab3b292d20823449ca60127b81a242d

SHA1
b906580e36b3e82f5caa22ef91192bfd3e79f962

SHA256
bb87db7890d942ec7b1b46971c4a11ee53a2a99470b7c9188d114bb1aa6443ba

SHA512
e7696caa06160f99f910d7c76ae0a5832f9f72aec46ae8ba894a5eed0ce46e60c7969cd2696c2e09e2976abee7a176f9fab261db2a420fc85d71554ff3b96121

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.5MB

MD5
032dc80f4da68ab769ccf967761fd7ff

SHA1
9e9c1ad415ba3171a8821006b4923ac0225f4e00

SHA256
40ab6146327ba540d62a3c71f29b64d7568ce4a4c21f8b483c0a663be5d5f0e2

SHA512
4e70292854ffb6881c4972e174b7386c5736bc652bc33cae751c5409704b866605c13402c0950f6888f119a20d9702940f44697677459905e8b18ed84f4e5bba

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
5.3MB

MD5
c0376c5b005c40222657ab9995438f48

SHA1
ba04a25874654d4f9fe659da623b4454f133e8de

SHA256
333a42d1221b7b4d47343847621a59f7b1bb5633141124a1bc8d4e5e4444dcf1

SHA512
da7c8aecf422f0e706aa9877ae3611375811df3134cbdfffce590ec4d609ab5e91ac3e6102b09e18b7fb64e57fd1aaaaa9e4944982a1a791a95df8c3864b615a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
24.6MB

MD5
9432eefc3fecd358f8b7c0859bc6bd5f

SHA1
400ed9122bb41c298f9b0d7fb700cf16fe118779

SHA256
d7000a7ac9522baf1bb41047efd06f6f80e5780550ae40bab32909a78e5a5d3c

SHA512
d194820d9b282fc0126b5381230dc1764cbce1762e73b5e845c37d80c6a43db032b4254fb1f709caf05d07b3d34d9232fbda28b61061b3ec2f6a200772eefbdc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.8MB

MD5
8379d4a51d2a9b8973a45592fa8b638a

SHA1
0b056ee546c3d4f65ccb54aad14f293b3e6252b2

SHA256
8c12ee73b212edf7bf85525c46cc15d5267b2728de52fd3e5cc59fc86aef173f

SHA512
c4571fd0d6b5b1b41c5b9b43c70e09fd6a287e4227eeabdd0c10157a852f7d4691281ea1981c45d3a9d6335e4335fd1eeaf934ebc3086c20e76355654f35db52

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
297B

MD5
793eae5fb25086c0e169081b6034a053

SHA1
3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

SHA256
14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

SHA512
5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
225KB

MD5
27dfbbe8ee4015763e3c51d73474e94a

SHA1
4328cdc9a3f9c6b7df0624c81afbd3459f213e40

SHA256
b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e

SHA512
42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

Filesize
589KB

MD5
e782457ebb0389715abdf5a9e20b3234

SHA1
e0d9ad78d1972d056d015452ed8dee529e8bb24b

SHA256
0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461

SHA512
3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

Filesize
91KB

MD5
ac01114123630edca1bd86dc859c65e7

SHA1
f7e68b5f5e52814121077d40a845a90214b29d41

SHA256
1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

SHA512
1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
690KB

MD5
85e98ba2b208808db0f352cc75c6c6be

SHA1
3f7f543bb097c3ca9febf62a74bff06930a95fe3

SHA256
549ac6131d5a0d6ba8d653c27fd953672bb1c4780ebf2953aa1b7fd25bf2b62f

SHA512
f2069dec3d85eb83430d93a46e32a9d528fc9574a7da6c39825f92da7fdba88531fd0639ba389e73dfcc52257fd79675397ab2f53861e1a8fa05ac139b8a9e24

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
511067dccd926c528e9f6518fc16c4cb

SHA1
84d6c8a784d7b9c3012312fe9ee8dc769a01ffd5

SHA256
07e7f225894d055aed95bb39b0ed761a5bcd479dc0cecab218477a91ae81b9bb

SHA512
49581a970cc5c694bc949281cfebe23d53497a67f073537f6107a2b58b29f11eb0d6483b2c38dbb2b15f857b63695a639459252c5c35919f8ff10d9300379dff

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
ee5bd0cde8db4ce8af55699c7c99003c

SHA1
fc00280601a1f895031e29e787d64f13718b431d

SHA256
a6f3d485f373e4c598545e702c99ff0921c7a2180ce54d73c972c1eff599fa72

SHA512
fce9c194db68dcf9842e602deb85901735509bbf72af3a4a69192e61bf2533c16d34bde2cb25c3521fe98ccc7044a6b35a330f4e6d019fb28130ed627529d1cc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
df60ab882983b02912a0cc8506143959

SHA1
3219888ee11ad95e84f06f113294f75f39824a35

SHA256
e02ffbd776bcabc34f50d7af846dd7564e1f85fdc0139f155f7488887ed75645

SHA512
9b31e053f5761592baffac36936a734078ab38894582c7d3734bdc537a27fa057633bd1ef3681c026d73b62e73db0b47d819ed4243377c1141654807e4098e2c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
5bc752e9fe99fee6eed9dccf378daf98

SHA1
a5e478b4884e1322dcf6b9fd2c6763bd4f32c357

SHA256
ac5bfdadf44e54bdb11223826dcc74146882006b657b6b5d7bdb57dd959a0e09

SHA512
e3200a9a427e440652ec3df6a27124e3d3be79b82fb6d2e5444c859884183ef728e7b0f59ba280d6cc755c409e974e0d84f3d346bc273986cfd8508e4420343d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
18.4MB

MD5
e8cf227c3e9a23a00922a743a817a7d5

SHA1
7c999ded895aaf4a7cec52f6e638d325e640918e

SHA256
1ae60d7145a28789349fce470f7d389b932284602d105835fa21f94f06a46b2f

SHA512
b15fcb5b265665b73717f0ee40f1e485f29f4d632cf363a2d0fcfbc0dc7c4f7c5cf3aec6675e8c7f12deed1fce121b3d00e3442eb92ebfbc7b1283c53eb51fc6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
836a249121bdbbdf7b02cf757862033b

SHA1
25279ddc3e82391d2c448d7b45c29cace8b4b93f

SHA256
99faddef662f3a6e166a10421a169153d25431d25f9f3feb01e0a30006f25665

SHA512
3d4b5eeedc3e83f03cd1f693019526b704ab108155dd2dcc09cd1aff3cbf2c5025dd64fbcfe60fa6d0a3c37b709f23d8a4e89b2a5df5cfaded3ba6769083617d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

Filesize
829B

MD5
13f77d608ed4f2b4fceb02653adbac61

SHA1
ceccb3bd2f00dd3520914b2bac6126a4f1f63965

SHA256
1232c67c2e049fae322972e6f8133bfbf34ea8f752b4361a750ed8a9581f3ab8

SHA512
56b1216ae429d194a04711e7568973726d9c57c6c66d78b0f16b094a616741d71044a930d649ba027248cc12e4121eaeb880bebe34d224caa8e3ed14735a4400

Download Submit
memory/1772-851-0x00000181BD900000-0x00000181BD901000-memory.dmp

Filesize
4KB

Download
memory/1772-929-0x00000181BD8D0000-0x00000181BD8FB000-memory.dmp

Filesize
172KB

Download
memory/2552-855-0x000001C7C1B20000-0x000001C7C1B21000-memory.dmp

Filesize
4KB

Download
memory/2552-930-0x000001C7C1AF0000-0x000001C7C1B1B000-memory.dmp

Filesize
172KB

Download
memory/3204-926-0x0000022947330000-0x000002294735B000-memory.dmp

Filesize
172KB

Download
memory/3204-717-0x0000022947360000-0x0000022947361000-memory.dmp

Filesize
4KB

Download
memory/4132-728-0x00000208C0130000-0x00000208C0131000-memory.dmp

Filesize
4KB

Download
memory/4132-927-0x00000208C0100000-0x00000208C012B000-memory.dmp

Filesize
172KB

Download
memory/4400-928-0x000001DCBE5E0000-0x000001DCBE60B000-memory.dmp

Filesize
172KB

Download
memory/4400-847-0x000001DCBE610000-0x000001DCBE611000-memory.dmp

Filesize
4KB

Download
memory/4812-887-0x0000024098370000-0x000002409839B000-memory.dmp

Filesize
172KB

Download
memory/4812-699-0x00007FFC19DC0000-0x00007FFC19DC1000-memory.dmp

Filesize
4KB

Download
memory/4812-700-0x00000240985B0000-0x00000240985B1000-memory.dmp

Filesize
4KB

Download
memory/4980-909-0x00000241C42E0000-0x00000241C4450000-memory.dmp

Filesize
1.4MB

Download
memory/4980-823-0x00000241CFAA0000-0x00000241CFAB0000-memory.dmp

Filesize
64KB

Download
memory/5972-916-0x0000016EFE1C0000-0x0000016EFE1C1000-memory.dmp

Filesize
4KB

Download
memory/5972-954-0x0000016EFE190000-0x0000016EFE1BB000-memory.dmp

Filesize
172KB

Download