43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

Analysis

max time kernel
1799s
max time network
1746s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20/07/2024, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller (1).exe
Size

2.3MB
MD5

8ad8b6593c91d7960dad476d6d4af34f
SHA1

0a95f110c8264cde7768a3fd76db5687fda830ea
SHA256

43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab
SHA512

09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686
SSDEEP

49152:6inbT3qpTDQSmanAmwJAaDMg33U2pLYiniT:6inKpTJmWAmmAMPWin

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.5.1.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 50 IoCs

pid	Process
1812	tor-browser-windows-x86_64-portable-13.5.1.exe
2908	firefox.exe
1276	firefox.exe
3032	firefox.exe
1232	firefox.exe
5228	firefox.exe
5216	tor.exe
5360	firefox.exe
5632	firefox.exe
5280	firefox.exe
5316	firefox.exe
5344	firefox.exe
5356	firefox.exe
5556	firefox.exe
6424	firefox.exe
6992	firefox.exe
6220	firefox.exe
5208	firefox.exe
2868	firefox.exe
6932	firefox.exe
6632	firefox.exe
740	firefox.exe
5676	firefox.exe
7128	firefox.exe
6416	firefox.exe
5560	firefox.exe
6520	firefox.exe
6172	firefox.exe
1232	firefox.exe
6544	firefox.exe
5996	firefox.exe
1464	firefox.exe
4896	firefox.exe
6148	firefox.exe
7148	firefox.exe
7068	firefox.exe
6444	firefox.exe
7964	firefox.exe
7572	firefox.exe
7872	firefox.exe
7420	firefox.exe
5152	firefox.exe
5656	firefox.exe
5144	firefox.exe
2044	firefox.exe
6404	firefox.exe
5092	firefox.exe
6528	firefox.exe
6176	firefox.exe
7388	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
1812	tor-browser-windows-x86_64-portable-13.5.1.exe
1812	tor-browser-windows-x86_64-portable-13.5.1.exe
1812	tor-browser-windows-x86_64-portable-13.5.1.exe
2908	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
3032	firefox.exe
3032	firefox.exe
3032	firefox.exe
3032	firefox.exe
1232	firefox.exe
1232	firefox.exe
1232	firefox.exe
1232	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5360	firefox.exe
5360	firefox.exe
5360	firefox.exe
5360	firefox.exe
1232	firefox.exe
1232	firefox.exe
5228	firefox.exe
5228	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5360	firefox.exe
5360	firefox.exe
5280	firefox.exe
5316	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5344	firefox.exe
5344	firefox.exe
5344	firefox.exe
5344	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5344	firefox.exe
5344	firefox.exe
5316	firefox.exe
5316	firefox.exe
5280	firefox.exe
5280	firefox.exe
5356	firefox.exe
5356	firefox.exe
5356	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance	tor-browser-windows-x86_64-portable-13.5.1.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.1.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6672	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeDebugPrivilege	1008	WaveInstaller (1).exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	1276	firefox.exe
Token: SeDebugPrivilege	1276	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	6672	taskmgr.exe
Token: SeSystemProfilePrivilege	6672	taskmgr.exe
Token: SeCreateGlobalPrivilege	6672	taskmgr.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: 33	4240	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4240	AUDIODG.EXE
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe
Token: SeDebugPrivilege	3188	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3188	firefox.exe
3188	firefox.exe
3188	firefox.exe
3188	firefox.exe
3188	firefox.exe
3188	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3188	firefox.exe
3188	firefox.exe
3188	firefox.exe
3188	firefox.exe
3188	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe
6672	taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3188	firefox.exe
3188	firefox.exe
3188	firefox.exe
3188	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe
1276	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 4268 wrote to memory of 3188	4268	firefox.exe	75
PID 3188 wrote to memory of 4832	3188	firefox.exe	76
PID 3188 wrote to memory of 4832	3188	firefox.exe	76
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 2204	3188	firefox.exe	77
PID 3188 wrote to memory of 4288	3188	firefox.exe	78
PID 3188 wrote to memory of 4288	3188	firefox.exe	78
PID 3188 wrote to memory of 4288	3188	firefox.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\WaveInstaller (1).exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller (1).exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3188.0.2037369185\793069306" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ed9d011-083a-418c-955f-182f584c24f6} 3188 "\\.\pipe\gecko-crash-server-pipe.3188" 1828 1813e2c7058 gpu
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3188.1.1742257958\1033424979" -parentBuildID 20221007134813 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b00b0ad5-f9f2-48dc-9bd6-4431cea2dfd4} 3188 "\\.\pipe\gecko-crash-server-pipe.3188" 2184 1812bee6e58 socket
    3⤵
    PID:2204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3188.2.582111680\203669155" -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3008 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e340ea5a-e73b-4815-afa2-ac08458a6757} 3188 "\\.\pipe\gecko-crash-server-pipe.3188" 2896 181425a3258 tab
    3⤵
    PID:4288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3188.3.185667952\1983334088" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3492 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ec6b30-8881-44c8-8a7a-7f41e3bd1967} 3188 "\\.\pipe\gecko-crash-server-pipe.3188" 3472 1812be5df58 tab
    3⤵
    PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3188.4.1721628838\97373767" -childID 3 -isForBrowser -prefsHandle 4160 -prefMapHandle 3520 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5ba8369-d63a-4aa3-965e-f05be0ca200a} 3188 "\\.\pipe\gecko-crash-server-pipe.3188" 4176 181441e9b58 tab
    3⤵
    PID:3932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3188.5.1325949455\1723469181" -childID 4 -isForBrowser -prefsHandle 4756 -prefMapHandle 4780 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c31d93c3-b734-40f2-b585-4a20bbc8e8c0} 3188 "\\.\pipe\gecko-crash-server-pipe.3188" 4772 18140f2a558 tab
    3⤵
    PID:4952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3188.6.829214740\1232061274" -childID 5 -isForBrowser -prefsHandle 4888 -prefMapHandle 4892 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {174a46db-84c1-4562-8981-842d63c4d8ac} 3188 "\\.\pipe\gecko-crash-server-pipe.3188" 4972 18140f28758 tab
    3⤵
    PID:3712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3188.7.857401268\1138176664" -childID 6 -isForBrowser -prefsHandle 5108 -prefMapHandle 5112 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb592cd9-977d-412e-9e8a-5a3dcd4c24af} 3188 "\\.\pipe\gecko-crash-server-pipe.3188" 5096 18140f29358 tab
    3⤵
    PID:1360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3188.8.1939389233\1398595505" -childID 7 -isForBrowser -prefsHandle 5632 -prefMapHandle 5628 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a9dc4d3-e351-435f-bf80-db4b410c4b65} 3188 "\\.\pipe\gecko-crash-server-pipe.3188" 5644 1814684aa58 tab
    3⤵
    PID:412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3188.9.339815876\260591856" -childID 8 -isForBrowser -prefsHandle 4048 -prefMapHandle 3812 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0f16803-66ba-4fe1-b0f1-0ee6ac9166ba} 3188 "\\.\pipe\gecko-crash-server-pipe.3188" 5288 181441eb358 tab
    3⤵
    PID:972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4624

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.1.exe
"C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.1.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1812
- C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2908
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1276
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.0.81583852\262293214" -parentBuildID 20240708120000 -prefsHandle 1752 -prefMapHandle 1872 -prefsLen 19245 -prefMapSize 240456 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {326b03a5-dfd6-4c9a-988e-18493497f1ed} 1276 gpu
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3032
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.1.1520648084\515915796" -childID 1 -isForBrowser -prefsHandle 2636 -prefMapHandle 2632 -prefsLen 20126 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {19d15032-a0e1-49e4-b314-997e5de40c9b} 1276 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1232
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:d729ae33477326b3607dcb6faa2ce5145353ed5cab57d642b0fc3e33ea +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 1276 DisableNetwork 1
      4⤵
      Executes dropped EXE
      PID:5216
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.2.905674364\749256429" -childID 2 -isForBrowser -prefsHandle 2380 -prefMapHandle 2432 -prefsLen 20940 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5029a41e-8dfa-469f-b1e1-72e1ee610b9f} 1276 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5228
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.3.1240750754\536844293" -childID 3 -isForBrowser -prefsHandle 3276 -prefMapHandle 3076 -prefsLen 21017 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {acdebb14-f601-447c-b91b-b6319c91bdeb} 1276 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5360
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.4.2116140786\2115906038" -parentBuildID 20240708120000 -prefsHandle 3204 -prefMapHandle 3052 -prefsLen 22257 -prefMapSize 240456 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f398e692-2bd0-4081-9e3b-224f83e0817a} 1276 rdd
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5632
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.5.1301129870\151502345" -childID 4 -isForBrowser -prefsHandle 2780 -prefMapHandle 2784 -prefsLen 22339 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {78a68dcd-9e1e-4dfe-b087-7ca286c8bfb4} 1276 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5280
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.6.1979337920\1843831216" -childID 5 -isForBrowser -prefsHandle 3816 -prefMapHandle 1972 -prefsLen 22339 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bd37d4ed-609c-428b-9747-372b470ee65f} 1276 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5316
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.7.1060983824\488850356" -childID 6 -isForBrowser -prefsHandle 4100 -prefMapHandle 4104 -prefsLen 22339 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ca223cea-59bc-4245-97f1-fa48c6a48e49} 1276 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5344
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.8.1927322663\332084939" -childID 7 -isForBrowser -prefsHandle 1784 -prefMapHandle 2040 -prefsLen 22794 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ebb2d2fb-106e-4a7a-92c5-e9f5f6ad14e9} 1276 tab
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5356
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.9.712057748\450272869" -childID 8 -isForBrowser -prefsHandle 4004 -prefMapHandle 4520 -prefsLen 24870 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {312e3b8c-b7d5-4870-ad8a-86664e842194} 1276 tab
      4⤵
      Executes dropped EXE
      PID:5556
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.10.1712307842\607669843" -childID 9 -isForBrowser -prefsHandle 4040 -prefMapHandle 3848 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ba7f05a7-47a1-47fc-b3cd-ec3f66e809f5} 1276 tab
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:6424
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.11.1070494981\268280302" -childID 10 -isForBrowser -prefsHandle 4920 -prefMapHandle 4916 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {45fbf9c8-4494-4204-96b7-4304b9754fad} 1276 tab
      4⤵
      Executes dropped EXE
      PID:6992
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.12.1465817782\127465545" -childID 11 -isForBrowser -prefsHandle 4920 -prefMapHandle 2464 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e7f045bc-edb9-40cd-9277-3810af841c83} 1276 tab
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:6220
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.13.803252039\363184973" -childID 12 -isForBrowser -prefsHandle 4552 -prefMapHandle 1676 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {055fb82f-061f-42f9-b2a1-7d06dbb949f9} 1276 tab
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:5208
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.14.975959272\1930423215" -childID 13 -isForBrowser -prefsHandle 3948 -prefMapHandle 3792 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {74a6f8c1-c757-436a-a602-bf8e9b05c0c2} 1276 tab
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:2868
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.15.238388618\1379686865" -childID 14 -isForBrowser -prefsHandle 1564 -prefMapHandle 3984 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ab6275b8-406a-407a-8e15-7736406a6df0} 1276 tab
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:6932
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.16.478368988\1898242066" -childID 15 -isForBrowser -prefsHandle 5004 -prefMapHandle 5000 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b3fcc3c7-7595-4403-b517-59e777d4a1b7} 1276 tab
      4⤵
      Executes dropped EXE
      PID:6632
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.17.925180253\273785323" -childID 16 -isForBrowser -prefsHandle 3936 -prefMapHandle 4600 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1402a00e-fdf3-45c2-a313-593aeb2ba2fd} 1276 tab
      4⤵
      Executes dropped EXE
      PID:740
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.18.252814002\1046103498" -childID 17 -isForBrowser -prefsHandle 4792 -prefMapHandle 4004 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7354e167-eac8-4cf3-95ec-38a697078a8d} 1276 tab
      4⤵
      Executes dropped EXE
      PID:5676
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.19.1692044097\1823839884" -childID 18 -isForBrowser -prefsHandle 5184 -prefMapHandle 3936 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4bdbd73a-fc77-4d1f-b166-6a56a4924788} 1276 tab
      4⤵
      Executes dropped EXE
      PID:7128
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.20.1672133133\1482426568" -childID 19 -isForBrowser -prefsHandle 3936 -prefMapHandle 5308 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e1e6d0c1-a4d8-4efa-acca-40e0c00f3a10} 1276 tab
      4⤵
      Executes dropped EXE
      PID:6416
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.21.1246325921\504879802" -childID 20 -isForBrowser -prefsHandle 6908 -prefMapHandle 6912 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e5dd0ce6-9dca-4049-ac71-76cd25e4a327} 1276 tab
      4⤵
      Executes dropped EXE
      PID:5560
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.22.896868318\268864707" -childID 21 -isForBrowser -prefsHandle 9096 -prefMapHandle 8992 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4f1fe16a-1f70-428e-9245-242403580f2f} 1276 tab
      4⤵
      Executes dropped EXE
      PID:6520
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.23.924441508\1111482806" -childID 22 -isForBrowser -prefsHandle 5092 -prefMapHandle 8924 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {6e1dcab8-e7ec-4204-90da-f876e580d00b} 1276 tab
      4⤵
      Executes dropped EXE
      PID:6172
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.24.1559961753\303934239" -childID 23 -isForBrowser -prefsHandle 5320 -prefMapHandle 6868 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ca79eac3-29fe-4e8d-86b7-63e148a7f63d} 1276 tab
      4⤵
      Executes dropped EXE
      PID:1232
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.25.1842343823\980089343" -childID 24 -isForBrowser -prefsHandle 4492 -prefMapHandle 2952 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {9e56a53f-87f3-46b8-9c80-985f3a20d7d5} 1276 tab
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:6544
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.26.1419426460\248713369" -childID 25 -isForBrowser -prefsHandle 9100 -prefMapHandle 2660 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {510fa669-b87d-481c-a62f-c41df7542454} 1276 tab
      4⤵
      Executes dropped EXE
      PID:5996
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.27.1932470620\1778282459" -childID 26 -isForBrowser -prefsHandle 4584 -prefMapHandle 5148 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {52579fcd-ed53-4985-8a64-eb1ebe963b25} 1276 tab
      4⤵
      Executes dropped EXE
      PID:1464
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.28.1148142279\416642838" -childID 27 -isForBrowser -prefsHandle 6420 -prefMapHandle 6424 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {77aa1dc2-aa2f-4dd3-9313-e6c0e8e82f03} 1276 tab
      4⤵
      Executes dropped EXE
      PID:4896
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.29.1128735699\1165623499" -childID 28 -isForBrowser -prefsHandle 6252 -prefMapHandle 6248 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f83d99b8-2abb-4cea-ac16-606e1ebc1459} 1276 tab
      4⤵
      Executes dropped EXE
      PID:6148
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.30.214982263\484235898" -childID 29 -isForBrowser -prefsHandle 6260 -prefMapHandle 6008 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8dda3075-bf1d-419b-b0c8-28b8d18a923f} 1276 tab
      4⤵
      Executes dropped EXE
      PID:7148
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.31.154175391\622817677" -childID 30 -isForBrowser -prefsHandle 6008 -prefMapHandle 6412 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ccac392e-0f04-4832-9b71-e118a21b83e0} 1276 tab
      4⤵
      Executes dropped EXE
      PID:7068
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.32.1945831606\1067978247" -childID 31 -isForBrowser -prefsHandle 8948 -prefMapHandle 6660 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {214cb671-8195-4499-9c62-d00b22b0d27d} 1276 tab
      4⤵
      Executes dropped EXE
      PID:6444
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.33.1982957833\2013028925" -childID 32 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e7eadcce-3032-4446-b016-248096353a12} 1276 tab
      4⤵
      Executes dropped EXE
      PID:7964
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.34.2026111796\1141676439" -childID 33 -isForBrowser -prefsHandle 5524 -prefMapHandle 5628 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ddcb1cc1-2d57-4365-ae34-d06d780cb279} 1276 tab
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:7572
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.35.735205937\699639156" -childID 34 -isForBrowser -prefsHandle 5276 -prefMapHandle 4524 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4232163b-cc87-4d21-9f10-3157522f6a6d} 1276 tab
      4⤵
      Executes dropped EXE
      PID:7872
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.36.164438717\920877880" -childID 35 -isForBrowser -prefsHandle 5368 -prefMapHandle 5164 -prefsLen 22910 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a7232475-6137-4fa9-b9fb-fcc48d25df14} 1276 tab
      4⤵
      Executes dropped EXE
      PID:7420
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.37.573877672\385012686" -childID 36 -isForBrowser -prefsHandle 6872 -prefMapHandle 5324 -prefsLen 23034 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {222bc48b-368f-4162-8976-2d09f8519649} 1276 tab
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:5152
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.38.1305009471\187921186" -childID 37 -isForBrowser -prefsHandle 4284 -prefMapHandle 5476 -prefsLen 23034 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {53a2645f-f1b0-4c5f-802a-98765184b721} 1276 tab
      4⤵
      Executes dropped EXE
      PID:5656
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.39.104531303\1107374775" -childID 38 -isForBrowser -prefsHandle 8948 -prefMapHandle 5712 -prefsLen 23034 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {95d41da6-84de-4334-b43f-9784ff6d5c38} 1276 tab
      4⤵
      Executes dropped EXE
      PID:5144
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.40.840141912\1840646959" -childID 39 -isForBrowser -prefsHandle 3976 -prefMapHandle 1692 -prefsLen 23034 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b561f79b-d552-4d41-bb3a-1d66dd610b18} 1276 tab
      4⤵
      Executes dropped EXE
      PID:2044
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.41.1441093567\1065069029" -childID 40 -isForBrowser -prefsHandle 6348 -prefMapHandle 4968 -prefsLen 23034 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e790f261-88b4-4223-9bf8-35caab6b34a0} 1276 tab
      4⤵
      Executes dropped EXE
      PID:6404
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.42.1339027501\576393516" -childID 41 -isForBrowser -prefsHandle 5912 -prefMapHandle 6152 -prefsLen 23034 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {62e9b611-edb6-4f3f-b7a6-dcdafd576ca1} 1276 tab
      4⤵
      Executes dropped EXE
      PID:5092
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.43.1898653832\513512733" -childID 42 -isForBrowser -prefsHandle 864 -prefMapHandle 868 -prefsLen 23034 -prefMapSize 240456 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240708120000 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7ae23ece-b910-4e55-959a-9c3ba092887d} 1276 tab
      4⤵
      Executes dropped EXE
      PID:6528
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.44.1855433924\1466510487" -parentBuildID 20240708120000 -sandboxingKind 1 -prefsHandle 6652 -prefMapHandle 1004 -prefsLen 25021 -prefMapSize 240456 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1e9b2a39-dc26-4d12-808e-5626e20f79a7} 1276 utility
      4⤵
      Executes dropped EXE
      PID:6176
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.45.100061544\417372306" -parentBuildID 20240708120000 -sandboxingKind 0 -prefsHandle 5900 -prefMapHandle 3668 -prefsLen 25021 -prefMapSize 240456 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c755aa0e-f4cf-432b-9564-b693f3eb8039} 1276 utility
      4⤵
      Executes dropped EXE
      PID:7388

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6672

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\11884

Filesize
15KB

MD5
7cfb12d4ba1d1cb29c6c6b05384478df

SHA1
06ebdaf82ffdd999c9625cfbde12049d51ac4bd5

SHA256
7d22586f42be55714181871204bf87a3e64e9ba5b1c3facd12632cebb4b14914

SHA512
4af4bfbcf7e18afbc9d5f8d87a9c5239fe8a677fca7be01dbff829aa8ea9dc583e54dd08ec5a9fd4f0af589f3553852ee43e7c2bc96547761d93cc51e9514d38

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\14580

Filesize
9KB

MD5
4aeec238925ab1ad6d9c8c0647f901f8

SHA1
ebcb14551b345c69e092c3fffc217b03f8a016d7

SHA256
83f461064688bd7e3d807c83385fe1ecaa536b00ed9131060b7811e984a9148c

SHA512
df5e2b0abde58ed635bfd72950082c86978d2eeeceb9f5fe9e581ea3071f358e8c88860ec4aff0a63b367d19a854ba51069b9841654cec7e80a4827ad0d80a0e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\EAEDA86B9FDA34891F4A8C93B5A09E2B17874BC2

Filesize
60KB

MD5
ff95a4794ca8c5e33a3d527faa9c47cb

SHA1
e76ae66823e5c309f6afb199e7760667a3740331

SHA256
cbb635556fa549a57aea49a57f763f9b1ded85824991470577296f0d3e371569

SHA512
082684a5117f1740153561ca60799eb1ec00f84d6bf6544bac3e75fbcd072d8d5a5dbf2b96c7ea5101ff3b90c693f6aeabfb03cc4af4de5775e785089a60c6d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp-1rb.xpi

Filesize
932KB

MD5
251150b67c4a694555ecd4a6bdcf5993

SHA1
92b571569aa6c265a6dcf715c04de50bacf712a4

SHA256
b22c007534471a8fb74378e970ba79a536a44f88d81ad3852273b82a466d10c7

SHA512
c525dde844ac84a92ee4098369a8e8c958e475cc785fe1a6c514618a59dd48a1d75ed30523ae20b044909527d0d29102fd644e5e7853568b584663c0a0221d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
256e9cb486a2d54a9f0e4dca76bc1d24

SHA1
eace0fa214d2aabfe3c2313a401ef1bde5e1ad83

SHA256
74ff83b42a45eb0be9e4ed2af5656cc550be0ddba19520d3bf37d2858e0c7815

SHA512
3c271550704861031f9afd4aa85b4274214af795820ae228490512e367a30cc703f02bcc26181e6a66500453b660ca3c4a04debf7deac34246911584e7a8050e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
8KB

MD5
36c46277e684fb87a328ca57c3c5262a

SHA1
34ee4ab3e06f1c0fb3cc1cca9064da058979860d

SHA256
a66783014ff93e07fe960c97e5fa89e91cf7be4bacffabc4a8ef0bff68fdd86f

SHA512
c15eb0f352b7035190a2f511abf221a71756e70dc25f43724de1b344e5d811e154a6d0f9c22e247b8d6c1bc66d55c625b4806e5b6d50d0337533bb3db042c391

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
8KB

MD5
58c9ab08d8db07a68ac801a45799753a

SHA1
b10ca697cf1f394d219130babc84f720fced1c67

SHA256
24c437cffef913d0707ac5843a7390a2cf81dd5fbbfa8eb1b61dcb693c6d5ff7

SHA512
7af2292902a263f31714ff202da72cbbf8ef88d38501c05783aefc2a93925b1b0dafc576fa67eb5207479fb2edef621df6f8e00d659ff849f6e4ece6c2486ea3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
17KB

MD5
dbbb2615568994ded9e295a59eaca68a

SHA1
e00ac4a40398dd8b206d3a2ce58583788b8e958d

SHA256
9ad58b98d27e19ec542459c31b8e13b0a1dd37bca00fbdddd2a6a15935b7ba2e

SHA512
6c868f9a05af649615d7392f0af354c24e00631cf2a82874021f8e48ec474033abeb3b1e5fd22772aac08cb30231440299b211ce3c235caf908cc205d42e1bd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\06a3926f-a1b8-48a6-9e1f-93bbb73ebd86

Filesize
668B

MD5
3439ca643aa2d5e86081f1a27c7a7f35

SHA1
ed78cd867176d017af5ba013eb1c149b2cbc7bc4

SHA256
1cfb636a201929888bf4f426858c1f060ba015c0647d0035500592a140329fd2

SHA512
9c5d384bd5a8038a7c98952a43aa32d916e2f6e855a11814a9ea5e34fed314d55e985aede671867196764fadf59a503b41de7047d0c0592f6f760d34f182c228

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b97d0ea2-eaec-40f2-a689-ad0ea27e6935

Filesize
734B

MD5
3c1f84116e9697e20f5d3438a7967dc2

SHA1
54f422193a16f173cd143716620f2663a45b2395

SHA256
90db092a5553a215b11f8577b6f482019ccd58b27fb434558a2d0d4145dcfd4e

SHA512
34e4cfda033317fefb4ad845b12fbd7dad7d35b0be242cf05d187a50a856be21d8255241e9612d7154b602a3a81caf607582cd1b72200323dbc1e3b1e508aa88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d757c72e-d882-405b-9500-df8754c3b866

Filesize
855B

MD5
288631c0a60839c4378e277ff3a8de7d

SHA1
83736ce154896ada670034117ed72ce9c43aa3bd

SHA256
e73ab849f86dfec77ad44cd425213567ba7be185fa9610f50076d9f4760add80

SHA512
a4b2800b47f1db2aa4eb54d7f3c6485da9e06e9b6d368fc033106fe821dcf8c1c33e3d8766da4cac81aa7d256261ac7a013e788554271e7c079597e2fb9246ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\e132c377-79ed-4cf1-9c39-3c2b026be809

Filesize
933B

MD5
1e01c8aee615d572531c1f60b69dea30

SHA1
39de533b0ef46ea92fd1a9ccbd24b12156c17087

SHA256
744087a686c66ea38c81612717313915c934522616d912a30c0e4300a6631437

SHA512
8b38d1274ce36a77e63de421eb9fe7b45647ec41c88e5eb71a78cbcd10216623d67df922f7e4925a8d6e564a6f076b99900e58793e4d001fbb1f4024fb61ad4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
352319aba709d02849460c9f1fa9daae

SHA1
08f0e986427a77097b6e8add162fd376f7f61b45

SHA256
b453c7a287118495c237f41dd60e44464fedcf7ec12558dbc42dd5983a555a8f

SHA512
04b8e237f55821947680e8c22aca53ddbea3e18969d358b820a6b8bf0ecc898904ea30845cad41ac8723b6b291118bd3b86863fcbfeee7e2bf48ba2c8b5adae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
4767eeb03af31e2693f31abbb2008f7d

SHA1
0a20dbce40d4af26702ff5ac05286bf4e70bc0e9

SHA256
9d72f1a248394748d9de69a7d8e59e09144bd07b361bf63b8100af1ec925a8e9

SHA512
5983258867b8a08ddb9674ac1a311e35502806eba500dbf986d9646148d63b079ddd349d7afc8e73509ac1dfae64902a92c380b5a28d126bc0895147a6f0cdf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
0d796a65c7951812cc38e65d76f773c9

SHA1
c7dfac1440625e3732fe12b880b42e1785a57da1

SHA256
fde6bb202d7419d0175c7fe705ee5efde260ac7f779192c5f9ce2c75cb880fcd

SHA512
656c0c453e93cd7e63d0bea2b397b6abdb85f32e54d6936fb2929de1c9735e2b72aaae671556d942be24ea11b1bff09a36002d552220d297943648eb28dd0043

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
16c38f9b3261da30778160c9f25e03ee

SHA1
6b7c9c7f74552dfd0f06215358a4eab47b04a9bd

SHA256
3f411824b55c7edb818bb8dd91acf3adf179adf1273638d4e0efd3b85d3eb014

SHA512
7c2b682f091062160e215cdc16f6e13c8a955ee751d54ceada5804facbd9856f2856034922ba7fa3e40c0564d779cbb2d7cc035c428ba6b3342f4ee886d3aa41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
d86e038a622925c4125ed7fd43164d45

SHA1
1da9e1cfeb657cbfcd5f043f6d41c61c88d98583

SHA256
c192985957c412b1ec724ef655666906719928f3e7169ce68aa8b52750fa298e

SHA512
c69aca70a44f1f2a2253abc6c323e7b62f5356af0cb9b654b3f74f57502e4bbdf7d0433939bfb1e278fe7a06a86a5cd3ccf406622b0c90a325416daea2b1f47a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
8c9fd816f358f6f6481e8858414d7c7d

SHA1
95a2d43cd54209950a11e26cc3c302b4c710622d

SHA256
6b1d26463ca75105c530f9e9db24e5b0cf3e675b2885439a6bee6103ac65ce20

SHA512
b385d7471974bd64ba3a931e803da6e8779a50333062bcec7004844afc1fdcd28e8d852ef0edf26d95940c9a249bd63f21177a941b0b6afd7b491b98f2ba600c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
1b5662338b82dc1289522c1d5f98acc2

SHA1
4ba59f377ee94c4cb1389dc43896f27660fc91cb

SHA256
c6df5825b020d97ecf8a22a9c181ddce45cd5489e1501b1ca315f754c38f63aa

SHA512
3d71f477bbd4d039047a48a11deb0fa4a1c91364b215bc83e0d538613d5a88891122d13f5451b278cc4a9eba496ddf9105e8fd97f9772d6be86fbc001bea32b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
286f1426f6e4f64620323a9c8ee5ee12

SHA1
ab7ff848703b044696ca76f10883adc77125c4ab

SHA256
92e426f8c41c79fb37d597d28769f60d7f1e16e28b8245f569d8aa2116229049

SHA512
29088691bfc4aff938ea87575eed8097eae71a9469c8d22fc0c216ba651714c6323c76fd1228f21d6a029888266a161fb35f0c69efa290a861c65640cb9841c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
db247e3654308a03962ba4a69015942c

SHA1
9e334f888b150c8a805257e803d8bae3f4286a79

SHA256
79c05f34e7dc19125a0505befd283b93fa67ef7691afdf1f42d52a72efa0031b

SHA512
13a8c406873f7dd271398df1e0d8806600af62e3f213091032e84bd8e01d759a08edb68f8d83179e65fc237eb15e59da6569d15982cb32e8f636242647d12bb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
82f05bd2ca37a500c08e9a0e494b1b7e

SHA1
b434480f83f6c716cc9c898f3439f3b345fb1733

SHA256
7c755e3c44a0811dadbcc79a602b255d3dc7c20b1ddfb48edd3e5488c03f5d02

SHA512
dd84e8064658cce1cb6a2c164c36a2f4283eab03467f5ae39ce36de52db3a8b4e57c5e92a56982546f1f083bcea16158e04934f937ab9fced4f1e8e0c9ff9a45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
a71e44391a8c15dadce24879fcb1b922

SHA1
8af6763c69d84217e7b8d56b5f1c190d64f359dc

SHA256
5f426026bee644481a90c34011b7a846e229778d42a6a0fe04b7991aaab4377e

SHA512
74fb03daa8bc87e16ba24cfe42f84cecab8bcdd31e64b7f8291ae52fe6fc9aa23be04e0acdd90086c9feeaf178e49c56db47e559b5aa73aaec5b25ad47fd5af9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
73f4ae6840d0800e9b0e6a03dfcc3c29

SHA1
f04793edf4b13fc0af35df3e87a1e705c2aa0c05

SHA256
69c3bbe6d78cbe14be6002ae7a5e0c8ca5160f8bcf629e8d0cdfa2a69147bc5f

SHA512
2c621dc7caecad173732255bd7ac460a65bac0d60dc017733672138a27e83b4230b66db658ddc314b0deb27da3101848e3f53e6953526caeae6e771f6accf9e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
7dd4a9cba416e96a9c1292cb5f431609

SHA1
58e8cdd8090c4bd99129534fe60b48aaadc2265f

SHA256
a2aa63d62edb52466667b05380308f0850b14fdac519fc316bbea87c8a489310

SHA512
b06341fca70b983ccf59f7093b9e22b21986524e0287153e0429adeffb586e3b1bb1a4f3a0253fd800603440b379435ed32246a151e1ba5d4bc4ceae79397784

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
674a6b5676724fa94a2048b1d575d44a

SHA1
b3385af298f177e873b1f7c65092b381c8485488

SHA256
85b156075f68605f0ece309f2c2a2d06ab110f057bd396da60bed157ccb0523e

SHA512
4e07696541f994c77669e515e61e086baa2fdda801954376a0c97238dfe9a90549c7df97a2bd5756583e7cd3ebbbc999eef667aed3bc243fcf307db0e57e115d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
7f868e557b098795d645df9ea302427f

SHA1
001f3306144559b4049a8ab139b4139f51e59c0e

SHA256
b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5

SHA512
56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
e25b822f8441d09f1ea0ef9bde1925f0

SHA1
214474d7ab6f1e9a2e7fb07bcf0c9de67b26eb3b

SHA256
c854da376c9174d455621fbafbcc055d28f7d0ad0f304d408d4351152676b991

SHA512
693854a1706221e9edf4b357ca1ed750fc45656dc86a1f88867ab4cc1292a4160b14e6164c32419e6c387c68c126c7e757cde68b597f21b07d76c924a3b9e197

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
88d1a2455ba8a57e20f5afc01b527f5c

SHA1
8cc6d019fe4eff6298edbfc8fbcc5da457f5cff2

SHA256
f7d5923fdb71b6fef89a838df4e27cbd62057f152bd659d09c8fbe22675bb248

SHA512
d9d2332cf3d50f80c055f784eb58eb741e55c3294ecabd0ae88aa289d332e5060600c93522fe5713cd5cb9dc616205eda472943f4c0e4380d0378d2f42bdea70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
ae7f4596d336fdab493992f7754b81b3

SHA1
a3908ceffac375112421382948339c4aa0f71e3f

SHA256
68551bb767470425de9610ef510564e1a9dcb0ff715f9999d2dc9162811bbef2

SHA512
b77fea429606aa4b7175bc38bd4605f9b72054f820c694bd7787e076b066cf875965b20f92e48d1bb58bd51a3990a81e43a9e2a93f23940a5502bba17cd30a93

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
a7bba756960e866da91a79a2402358be

SHA1
bf19b972c94d4625a25e140521ae951aed028728

SHA256
79980ea82951fd7c3d14d176b894c5d08a414decbc4059f76be92293a950b2f6

SHA512
94104f728ab28525afe0210e4578e4415d7335568bc061309400e5ca1f5cac3c29d5e7530ae3a23009bcf13025a4e1aa21b1832d41743988c3a2af4a332163e9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
5b43f3fbfd10f930fef7adf8fb60a974

SHA1
131cc0b834f2f7191fbc1ddabdd2fd022e3507fa

SHA256
864a6259ec9bac755632b6926134b4938c873acbb7388c76fb67eb0d503fd316

SHA512
c9f2136bb1ee0ca0bda8e4a9b5a9068422ead14d810fd04ceb28a1133979a5be156a2513ec6803aa653edc61c0f84efd01bfc4ed1649f43fd6f26b7df9736267

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
c472b257173cbd5b5b8eaaf4076e6644

SHA1
af7f44202c1c439b432267e8e852955ca66bd09d

SHA256
f7d88962ab6eb07ee3a2537b99631ff204900e8f2302bd6efa88c0e9d627aaec

SHA512
f9397cb633832583f7d097b1e1473b6a9dc03d14e324daad66489730f676ddcbd8ca2c8cb15d1829edb7d95611d9758a0f34473acac6efe8578307be90842bfd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.6MB

MD5
4cc37bbfe2e5f6ee35c315f9768dedf1

SHA1
62907d1299bdc2ab62c300d2de5c623c64297e42

SHA256
e3b6000e33a3b902dd22e9baa94c2c1d75bd73d9a7b25ae0ec94ebcd260a6d98

SHA512
33387149292754e71d260c4bd07db996252a71dceba345b437efd866d342b177a17db04558968c744a7fc3be8b942a98e22579e78f29401a03f525125683b690

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
11.6MB

MD5
fc1922d1bebbb37cf3b9250920010b7a

SHA1
e0eff14a21d132e2151fbceb3b3382f91c5917e4

SHA256
6ba71badf8276258028d6aad8e561e2ff49bf80652610f536a214071c01aa83e

SHA512
24d4f93351dc5a02ebf83c6749332a1d27640e2f8643aadc0fb4176394b9986cea8f41898f96425c411df68264bc86a560cbee6fa4ae3a4a14d944593623b892

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
24.8MB

MD5
66dddf1dae49706c992cfceec3f3ba23

SHA1
074cea24e40f3b6ce7bbc68ff542b462be1c7fe0

SHA256
f13063c411765c6ee1190fb2870c1bb794cfc367aef9a53b7ca44019347c2eef

SHA512
1e4f60e286e87a9720e1c41fa584e69036c20e77fa139f4e2af2bc2e2037441b7522e2fac3224116de011fcd2d2419a35f1e3c296f20157fdf91827e5c4d5630

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.8MB

MD5
67f708f227c0338550952313e5e382f7

SHA1
43511dfa2d91f6cc4c429336678cbcf08ddb6489

SHA256
a2ebed521db5d43af62eff32b7ee77a7a342ae6661a0fda60be785329b3956ba

SHA512
4a0fdece1ed1a290731ef21e976f3074b70660c957cdc2067d506e4f08f3af7673f578afb108263e7a61ac6e773c0f747ff325b7fa4a3eaa1f77872743813614

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
297B

MD5
793eae5fb25086c0e169081b6034a053

SHA1
3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

SHA256
14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

SHA512
5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
225KB

MD5
27dfbbe8ee4015763e3c51d73474e94a

SHA1
4328cdc9a3f9c6b7df0624c81afbd3459f213e40

SHA256
b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e

SHA512
42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

Filesize
589KB

MD5
e782457ebb0389715abdf5a9e20b3234

SHA1
e0d9ad78d1972d056d015452ed8dee529e8bb24b

SHA256
0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461

SHA512
3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

Filesize
91KB

MD5
ac01114123630edca1bd86dc859c65e7

SHA1
f7e68b5f5e52814121077d40a845a90214b29d41

SHA256
1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

SHA512
1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

Filesize
128KB

MD5
12764d72c2cee67144991a62e8e0d1c5

SHA1
f61be58fea99ad23ef720fbc189673a6e3fd6a64

SHA256
194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d

SHA512
fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

Filesize
224KB

MD5
f0b22427c3ddce97435c84ce50239878

SHA1
a4a61de819c79dc743df4c5b152382f7e2e7168d

SHA256
0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084

SHA512
ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

Filesize
7KB

MD5
778376d22591a4a98bf83ac555ddf413

SHA1
608172ca18450b4cc61ff6cc155f66cff55c5bf9

SHA256
8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53

SHA512
e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

Filesize
21KB

MD5
9390ee64243e5335b79e33e5e8311341

SHA1
c8d4b3ab79f6b12311eb4e4da29e709e583b5870

SHA256
cff9f0e51e7f1d95934cac31d9ad43ba453ee308c7b46a27803dc7e2e6c3adef

SHA512
ad7b23dab247c5c71298c5023bc58bd1d00160145558d86ab75dd37de1f1017540bac544cd9bf1cb2802d19d2973c0cf189d05a980777de886ffb552ae923bc0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

Filesize
198KB

MD5
7b5138efef2c02dda9cfae9917cd913f

SHA1
b44b58f354c4a68e119df226f01ad763b2d1025c

SHA256
9f8b4dd091f19b111d24ea18daae81bea8684cc67de17ea1acd797e144bf20ba

SHA512
47e4cfd2218c91080fc4ccc3ac13dabe9efb7c96b981d53577177fb062973b9fad0052edcf2b0c663ff3b7a1d9e38e96586c93cb72618d64344b96e3df13204c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

Filesize
7KB

MD5
bd4c30081a164037311e8712423c5bf2

SHA1
2a13bc7987ca34644b075c1fe197ba293b4ca527

SHA256
bc19f17d7f6e8f280c2cc95ef6d1b67fac25becfe98722f482039a4d84f3c9ba

SHA512
2a20d113b73cbca311d08dba40dcb7f8ab9d5383f7590b61b785070f77204db9ab163557a420c6c96ede815643f82ffdf75bc59b5802284779ff237616734c66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf

Filesize
5KB

MD5
34699ac8824cdb6593b4dbef605dd6b2

SHA1
22ff82e35cbb1ac9053f767f404ee351786fe0c2

SHA256
328d80e11e7f65f9b6e4bac12de32b7ce42154301c2a14ba92155e32e05939d6

SHA512
fe714d5d44c6c2f4f96b4349bff301a67749bcb084ade3a0270723f1fa6bd6061193c4d782cb663d63e2c32cc809f33a8114e2e0bc6915de2b04efc82b5de673

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCanadianAboriginal-Regular.ttf

Filesize
111KB

MD5
fc6ec655d6a00c567119522854e24172

SHA1
b72baef2dc0aca98cf7d3458cc027f4b0622db08

SHA256
0d188756c9c282bf31738af5373f2363cc8007bbbc8d5560fae5821ed4937611

SHA512
0a0eb23751b5df39becbbb308b6b36e324ea6ec469d2167a795cc10fb3bc38cb7b3187a3a63566e280470b09a080c000280e3b9a01681a68f8a3f35c7a2f139a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansChakma-Regular.ttf

Filesize
80KB

MD5
82f2c632a76dc9922cd85630d0c97db9

SHA1
4558e69543903a058b3d5a7b8f50a6dea8ea50f9

SHA256
60ce1d029e35b432dd68cc9f6c94f69bd84d8c97f28f06130186606dd2c3325d

SHA512
cbfe37179fa4bd8618eade5e5168dcfab9d784586319014692bcfc7f767187e4beee24b3afb471abdd9adde747eaf51648926ed1a790e9f8458152c283fb34e0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCham-Regular.ttf

Filesize
31KB

MD5
bf95af30d1db0fdb374cf646dc81b461

SHA1
6bf52ccaba21c23a9b461af8cfb7574bad6bee3e

SHA256
74cbbe944f25c64f0fd2f158716a648b970e3df714f8ca2644d56f65f5eeee4e

SHA512
52c5fc608d9e771cffc6de8ffcb953240cd445e77c4d65582dba198eec33c247891bed32de7b88c22f177e07c094716210623d1381c4cbb68fc5ad048cc24e3b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCherokee-Regular.ttf

Filesize
92KB

MD5
fd393a7c5b16eba60e38b72b5fa3a2dd

SHA1
d074eb1baea8caf869ba6aba69b9cc9b2fc4568f

SHA256
c052352137ae8d283840a0e2991a675d47859d8fdbae5726d373d4f0d97a8c87

SHA512
30d5c5f5069580186ded817621ad2c6eca338216680c288b249972d420f009fe94f77ef44b106355223a80ade7f9d851a6e6fe6417d2bbbb35b9f0182a1c9180

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCoptic-Regular.ttf

Filesize
47KB

MD5
bc7e07463581535f8cf124dbfda9bb5f

SHA1
4d59c125be1263685c909b8f1b202194a0087e70

SHA256
e3d5915c74797a084d8525cc5fb8da08d0c1256b7ea75f6687fee3f28d2c58df

SHA512
ccf8477dfc771c00a5a0e3b3cc0bbce06291679f077f24858b1547de4ac21fd21805c1a1ef6ae8a0215b8b956562a349ee32a956ca5750ff8923c6c19335474a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansDeseret-Regular.ttf

Filesize
19KB

MD5
c0d20faa4acd8b886197e897a6ddc7d4

SHA1
64355303ac0b639f0135bb51325b8aee780b11e4

SHA256
9f384e8a75a059b8efcbead73ef5aa3b504ac3e9d218be5368a20b19bfccdeec

SHA512
c7062651d7fdaae6168f65887f1a6d07b95b721efbe3d756f5a1fad58641f2b5fd1a3d732ae4225ee3228454ed1982c7258be70abb41ab9d8ed867915337192f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansDevanagari-Regular.ttf

Filesize
229KB

MD5
2358cc51bd1271c89f2c173e684876fa

SHA1
7c30d7317d34ce0503bfd3b24900bd0fa4c6a69b

SHA256
dc0eb899c5852c819bfb30482e6f2ee1e44a4c8cd28f6622a2d4561bf1e3e444

SHA512
873696739807520826aa7c6b825701dc36786d020902eedb6ec7438d9aee71efcf1c6dbedf7bd4dea7604de73e1506f66961f7b5f5c80b7a9e71c73bb3aab264

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansElbasan-Regular.ttf

Filesize
18KB

MD5
1c7297bc694bdb5baba7c1d39f333c63

SHA1
4de6449e4f8d315c91109a741ced09b86c3302c9

SHA256
6d52707e91a77e23f389f42b5da65d7047205e7833041fe0b2cd7ff280e14749

SHA512
91ba1203c4057c930ef08470395c91b03c2618f5decb9bbedd9b37f858a29c63e537c658bcae73fc32fa7e9e11911bba6d0fc540b16e180936c8082ef00f15ca

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansEthiopic-Regular.ttf

Filesize
367KB

MD5
de7cf6c6fa2fbc854dcf6d2e2716f1d1

SHA1
f07c1412adb1cc2d742546a25eb66ba63ee3c840

SHA256
f6f7fc379db9438959a2b0527e7a2cf36ea9c84626d56ec444fff37fc24c3c10

SHA512
ee98dc59d2fe843fbcad6eb2009ef865016478ef655dd2f873b4bc45c4e67908aac4b776c5846514d3f80aa4843d1426b797f2c385e7d3ce814d7d96386049b2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGeorgian-Regular.ttf

Filesize
51KB

MD5
61f5441fdfe5be8a1b933ef1ef674ec4

SHA1
07a3c3cbd0f7d2cfef5e74e1c28d5b2ccbca35eb

SHA256
a14c27d89ef15d7855dcf03c6524cd2d98ce7d4374dcd7643b7d07d7ba0f13a5

SHA512
2dc8136cb7f4bb57ae2c7bab7b775c317f6f46e76eeeca93bbb0d9edcde3f35e9420601bf3d6e1043511d02d7447e2b64214a89f02f5b32e30ee347236bfcd78

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGrantha-Regular.ttf

Filesize
350KB

MD5
a3d0e9dded672781968f021d6f869ae5

SHA1
98af88c343c9b761b0a0b03859fcb1ace7851a40

SHA256
98a079a902bcd5f298cdcf59eeb21bbc8565b4f361e75faba300aac376b842cf

SHA512
e60d5ceb0b82dcb1f58969487a3075bed673881219c082ee78e6102c4cf17122e8537c8b6e58d2f9b8097b5a1902711b743e9e4cbc455dcf3dbb4bac796d8b28

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGujarati-Regular.ttf

Filesize
201KB

MD5
3853291b52d0b987d15b3595bd792584

SHA1
e7fbec665568bc358510f56c7f610c0b7cc1e9a5

SHA256
c92e0697dc2d2cae1db5a447bd0bb8a690dfdbacbe618841b21cbfc2f483242e

SHA512
0a44cc5cfde9b74da17f81c432f487bc1276c0ad29b01a9d61e535f690b785dec0cba7f2ed828a1b8381050714ebd6309721bdd7b80e6a1ad9b0e9e0af966581

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
18.4MB

MD5
8fd3941992025a21c4822049d0e06e63

SHA1
4c9f80b5e14ada595e59257bd833c716d73042a8

SHA256
f13a14ef31a833630c85557906706e6af92f3c4f0a42bba8103de4b21a12b22f

SHA512
a9ea6315b782e28d8af2db746867c786b6fd4a16c1393db98309d705437eefda0fdb1be6fc8ac745ea6a743d3672f6c47dced7de2836846383b78ff962240f8d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

Filesize
829B

MD5
a50efce3ea2a62f2da10ad416fcaedc2

SHA1
c3ec59463afc00bbeb99aa52945fd7618713951d

SHA256
fb5038ce31bb4ef99386cfc3684f7ba3797a920fc4046669b64a96bba09ce9f6

SHA512
13a10770eb4197ed68c330a4fdb6c7bc0519a227f8ec2c62d7eee972fde34c4292e2eb5dc3ca0b375ffabbf6f83e70d892d2177a671fc7845696d4895f2094ef

Download Submit
\Users\Admin\AppData\Local\Temp\nsk984C.tmp\LangDLL.dll

Filesize
7KB

MD5
d02e216c527f97b5cd320770cbe03a0d

SHA1
76a0bea3650c393341e240231cf999d11a3d8eb8

SHA256
cda679d62e2852d900f412239e7c01a64a928db6c0cc03b8fa0c1eabdfe815c4

SHA512
39d99ea0045e332f197f0d6430a71adaeaccd1c8e1028ad997ffa5527e5a0fe5dbdda62e02329ae1824abad43eedd64dbfb05a1e8e19010745bfe8d53e83d990

Download Submit
\Users\Admin\AppData\Local\Temp\nsk984C.tmp\System.dll

Filesize
24KB

MD5
62a6f7756aabaeafe2eaa8a1b19eeb99

SHA1
24b7ec2cf0712f03911fad6b7ccf933e0879fe5b

SHA256
4c4d8324fc74a61ed5477b6602fecd1f404f524e6c17c6d7a0b682f8521a29d7

SHA512
7d30a35811f4dc5e3c4714224ac2b143d17f6a1de744db230b3a74409c6705233831e340b13d468c612b9e924cf69a62a15164e601e62609c98a46cf4ec0562f

Download Submit
\Users\Admin\AppData\Local\Temp\nsk984C.tmp\nsDialogs.dll

Filesize
13KB

MD5
6cac9c4cbadc065beeebe16e57279a9a

SHA1
26bcac80ab11c56d8d9de74a85ef2314044f96ca

SHA256
f33b3bfbb97fedfe2d77ebb894c7db5c32b8905bedab6c58248108021cf96bdb

SHA512
854b505ca4d17127fafabc8e4d903e097b6e77d4adcb2873185333a7fac68d6e903b2e8f3ce0df639ec3c44feb3666489405ee74d49f512700ab86cec4bc9e44

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
690KB

MD5
dd3e5d568d6ec781aedf5e1705f283b8

SHA1
b21fda9c83707f5baf2eceffd4496339f6d145c5

SHA256
ed1d55d6f52963ca4918c15c1f69f26ad14519a1e7e08f8a3669b0ce13b4a30d

SHA512
4076331b5a25587006a97b41c181d5561e5c717a8d9b55f54152e4a014ee39bf809af560dd81aa8fd0df05ff5e3280e1891cfb0aadb944faf3ac9c4beac87e01

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
f6392fe326919b1db4aeeb8aeb6820de

SHA1
0ff0f4c214344eabad089ae87d26a94cafc722dc

SHA256
9c9d86ba3a50de00dc85ea5c04b7e1e65176405732b5c95e9f099411b051fa34

SHA512
4bf9a7d0f89f5f5cad63e18fdb798c247b9504157f9ab771ac6240fd8cbde8e948aaa0764ec312807bebe0139afd20a964d4bdc77b96420236ce68240f53d0fd

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
eb388726725c57ccd28cad1dccee33b6

SHA1
35429d8a907b07286a884c0e9cb2fcf78e93f8a1

SHA256
a6bbd19e33a9d2b539c798261ed400c74b239527ad17109ad549a972bd6cebd6

SHA512
dc9aa4f26a86fbfa6caf7d476e59975fc79da314eab8cdf5e2899d681e8b9d3767e531a656471e3ea2129f4e688ad1e0c472eb5d20ea8a8ed94c00d9fc66a48f

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
43cd2b07fa362a2f229968c0e834093f

SHA1
2f637aec344e6bca1df4a51cb05c0cd10d3d6dc7

SHA256
4625cfe435db2f7d9d2bc722a2e8e7b46c6f74a6f5954cca2daa2c94c3265f7c

SHA512
c32c982ac99fead6b8d7f0f3bad200c4d54f5d5b7187ea44ec79c9361603ac5438ace94bd5fd614f41f49684195b7777de195848dc004d7c7a1d02a29c6ae5cb

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
aa0cb6c47b9c739dc8a4647b79787cfc

SHA1
908278d0aa0b43c2d9fe18c1a1596056e715df11

SHA256
4b8e24aa607e0b5982d2854a7609e72cab0bc5415c1bf8162de541f279de2e11

SHA512
b92e377c4e7f39087625704c174514d1e87c5ff462181938ba979ad753e381771b8838febee99c276b66bd73b3e6d6f1473d59d2062ce3766b1a431ed3c5a6c3

Download Submit
\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
cbcdffcdcd140b9ea3dc081ecfcbbd46

SHA1
ab44ac9317b82edb780a2167da6d459b9a423a74

SHA256
16ef79086baa56c10589ec945fa3760ddbbbcf4061612ad4a6992bfc24cd26ba

SHA512
5e46812981012f29011161740736c35d356d49b23062cf8d73a5f1ea1b08f107e8db29086881d9c556f7783cfab9d580bc67b0ee813192ddea28ec2f46415129

Download Submit
memory/1008-9-0x0000000073350000-0x0000000073A3E000-memory.dmp

Filesize
6.9MB

Download
memory/1008-11-0x0000000073350000-0x0000000073A3E000-memory.dmp

Filesize
6.9MB

Download
memory/1008-0-0x000000007335E000-0x000000007335F000-memory.dmp

Filesize
4KB

Download
memory/1008-8-0x0000000009CD0000-0x0000000009D08000-memory.dmp

Filesize
224KB

Download
memory/1008-7-0x0000000073350000-0x0000000073A3E000-memory.dmp

Filesize
6.9MB

Download
memory/1008-6-0x0000000005240000-0x0000000005248000-memory.dmp

Filesize
32KB

Download
memory/1008-5-0x0000000002C80000-0x0000000002C88000-memory.dmp

Filesize
32KB

Download
memory/1008-4-0x0000000005330000-0x00000000053B2000-memory.dmp

Filesize
520KB

Download
memory/1008-3-0x0000000005280000-0x0000000005332000-memory.dmp

Filesize
712KB

Download
memory/1008-2-0x0000000073350000-0x0000000073A3E000-memory.dmp

Filesize
6.9MB

Download
memory/1008-1-0x0000000000720000-0x000000000096A000-memory.dmp

Filesize
2.3MB

Download
memory/1276-981-0x0000013CC4480000-0x0000013CC4490000-memory.dmp

Filesize
64KB

Download
memory/1276-890-0x0000013CCBD40000-0x0000013CCBD50000-memory.dmp

Filesize
64KB

Download