Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/k...

windows10-2004-x64

10

Analysis

  • max time kernel
    527s
  • max time network
    529s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-09-2024 09:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/kh4sh3i/Ransomware-Samples

Score
10/10
cerberdiscoveryevasionpersistenceprivilege_escalationransomwaretrojan

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___YB18OQV_.hta

Family

cerber

Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>C&#069;&#82;BE&#82; &#82;ANSOMWA&#82;&#069;: Instructi&#111;ns</title> <HTA:APPLICATION APPLICATIONNAME="5K" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize"> <style type="text/css"> a { color: #04a; text-decoration: none; } a:hover { text-decoration: underline; } body { background-color: #e7e7e7; color: #222; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size: 13pt; line-height: 19pt; } body, h1 { margin: 0; padding: 0; } hr { color: #bda; height: 2pt; margin: 1.5%; } h1 { color: #555; font-size: 14pt; } ol { padding-left: 2.5%; } ol li { padding-bottom: 13pt; } small { color: #555; font-size: 11pt; } ul { list-style-type: none; margin: 0; padding: 0; } .button { color: #04a; cursor: pointer; } .button:hover { text-decoration: underline; } .container { background-color: #fff; border: 2pt solid #c7c7c7; margin: 5%; min-width: 850px; padding: 2.5%; } .header { border-bottom: 2pt solid #c7c7c7; margin-bottom: 2.5%; padding-bottom: 2.5%; } .h { display: none; } .hr { background: #bda; display: block; height: 2pt; margin-top: 1.5%; margin-bottom: 1.5%; overflow: hidden; width: 100%; } .info { background-color: #efe; border: 2pt solid #bda; display: inline-block; padding: 1.5%; text-align: center; } .updating { color: red; display: none; padding-left: 35px; background: url("data:image/gif;base64,R0lGODlhGQAZAKIEAMzMzJmZmTMzM2ZmZgAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh+QQFAAAEACwAAAAAGQAZAAADVki63P4wSEiZvLXemRf4yhYoQ0l9aMiVLISCDms+L/DIwwnfc+c3qZ9g6Hn5hkhF7YgUKI2dpvNpExJ/WKquSoMCvd9geDeuBpcuGFrcQWep5Df7jU0AACH5BAUAAAQALAoAAQAOABQAAAMwSLDU/iu+Gdl0FbTAqeXg5YCdSJCBuZVqKw5wC8/qHJv2IN+uKvytn9AnFBCHx0cCACH5BAUAAAQALAoABAAOABQAAAMzSLoEzrC5F9Wk9YK6Jv8gEYzgaH4myaVBqYbfIINyHdcDI+wKniu7YG+2CPI4RgFI+EkAACH5BAUAAAQALAQACgAUAA4AAAMzSLrcBNDJBeuUNd6WwXbWtwnkFZwMqUpnu6il06IKLChDrsxBGufAHW0C1IlwxeMieEkAACH5BAUAAAQALAEACgAUAA4AAAM0SLLU/lAtFquctk6aIe5gGA1kBpwPqVZn66hl1KINPDRB3sxAGufAHc0C1IkIxcARZ4QkAAAh+QQFAAAEACwBAAQADgAUAAADMUhK0vurSfiko8oKHC//yyCCYvmVI4cOZAq+UCCDcv3VM4cHCuDHOZ/wI/xxigDQMAEAIfkEBQAABAAsAQABAA4AFAAAAzNIuizOkLgZ13xraHVF1puEKWBYlUP1pWrLBLALz+0cq3Yg324PAUAXcNgaBlVGgPAISQAAIfkEBQAABAAsAQABABQADgAAAzRIujzOMBJHpaXPksAVHoogMlzpZWK6lF2UjgobSK9AtjSs7QTg8xCfELgQ/og9I1IxXCYAADs=") left no-repeat; } #change_language { float: right; } #change_language, #texts div { display: none; } </style> </head> <body> <div class="container"> <div class="header"> <a id="change_language" href="#" onclick="return changeLanguage1();" title="English">&#9745; English</a> <h1>C&#069;&#82;BE&#82; &#82;ANSOMWA&#82;&#069;</h1> <small id="title">Instructions</small> </div> <div id="languages"> <p>&#9745; Select your language</p> <ul> <li><a href="#" title="English" onclick="return sh_bl('en');">English</a></li> <li><a href="#" title="Arabic" onclick="return sh_bl('ar');">العربية</a></li> <li><a href="#" title="Chinese" onclick="return sh_bl('zh');">中文</a></li> <li><a href="#" title="Dutch" onclick="return sh_bl('nl');">Nederlands</a></li> <li><a href="#" title="French" onclick="return sh_bl('fr');">Français</a></li> <li><a href="#" title="German" onclick="return sh_bl('de');">Deutsch</a></li> <li><a href="#" title="Italian" onclick="return sh_bl('it');">Italiano</a></li> <li><a href="#" title="Japanese" onclick="return sh_bl('ja');">日本語</a></li> <li><a href="#" title="Korean" onclick="return sh_bl('ko');">한국어</a></li> <li><a href="#" title="Polish" onclick="return sh_bl('pl');">Polski</a></li> <li><a href="#" title="Portuguese" onclick="return sh_bl('pt');">Português</a></li> <li><a href="#" title="Spanish" onclick="return sh_bl('es');">Español</a></li> <li><a href="#" title="Turkish" onclick="return sh_bl('tr');">Türkçe</a></li> </ul> </div> <div id="texts"> <div id="en"> <p>Can't yo<span class="h">NU</span>u find the necessary files?<br>Is the c<span class="h">EL</span>ontent of your files not readable?</p> <p>It is normal be<span class="h">JiK</span>cause the files' names and the data in your files have been encryp<span class="h">CNKFL</span>ted by "Ce<span class="h">x9bpUS9Ik</span>r&#98;er&nbsp;Rans&#111;mware".</p> <p>It me<span class="h">s</span>ans your files are NOT damage<span class="h">JTW1jz</span>d! Your files are modified only. This modification is reversible.<br>F<span class="h">ltpkBnhiKZ</span>rom now it is not poss<span class="h">ITpjARY</span>ible to use your files until they will be decrypted.</p> <p>The only way to dec<span class="h">ITFYv3jD</span>rypt your files safely is to &#98;uy the special decryption software "C<span class="h">H48FoW</span>er&#98;er&nbsp;Decryptor".</p> <p>Any attempts to rest<span class="h">sWZcee1B3</span>ore your files with the thir<span class="h">5wOeYg</span>d-party software will be fatal for your files!</p> <hr> <p class="w331208">You can proc<span class="h">f8JVS</span>eed with purchasing of the decryption softw<span class="h">NA</span>are at your personal page:</p> <p><span class="info"><span class="updating">Ple<span class="h">ZAwbsL7v</span>ase wait...</span><a class="url" href="http://p27dokhpz2n7nvgr.12hygy.top/ED60-17DB-C6C5-0446-9C09" target="_blank">http://p27dokhpz2n7nvgr.12hygy.top/ED60-17DB-C6C5-0446-9C09</a><hr><a href="http://p27dokhpz2n7nvgr.14ewqv.top/ED60-17DB-C6C5-0446-9C09" target="_blank">http://p27dokhpz2n7nvgr.14ewqv.top/ED60-17DB-C6C5-0446-9C09</a><hr><a href="http://p27dokhpz2n7nvgr.14vvrc.top/ED60-17DB-C6C5-0446-9C09" target="_blank">http://p27dokhpz2n7nvgr.14vvrc.top/ED60-17DB-C6C5-0446-9C09</a><hr><a href="http://p27dokhpz2n7nvgr.129p1t.top/ED60-17DB-C6C5-0446-9C09" target="_blank">http://p27dokhpz2n7nvgr.129p1t.top/ED60-17DB-C6C5-0446-9C09</a><hr><a href="http://p27dokhpz2n7nvgr.1apgrn.top/ED60-17DB-C6C5-0446-9C09" target="_blank">http://p27dokhpz2n7nvgr.1apgrn.top/ED60-17DB-C6C5-0446-9C09</a></span></p> <p>If t<span class="h">Xif</span>his page cannot be opened &nbsp;<span class="button" onclick="return _url_upd_('en');">cli<span class="h">a5cEB7Ls</span>ck here</span>&nbsp; to get a new addr<span class="h">M</span>ess of your personal page.<br><br>If the addre<span class="h">Rc</span>ss of your personal page is the same as befo<span class="h">ey</span>re after you tried to get a new one,<br>you c<span class="h">6nvSfkHr</span>an try to get a new address in one hour.</p> <p>At th<span class="h">Qt32vfd</span>is p&#097;ge you will receive the complete instr<span class="h">n</span>uctions how to buy the decrypti<span class="h">H</span>on software for restoring all your files.</p> <p>Also at this p&#097;ge you will be able to res<span class="h">hHAfiBVBa</span>tore any one file for free to be sure "Cer&#98;e<span class="h">Daq</span>r&nbsp;Decryptor" will help you.</p> <hr> <p>If your per<span class="h">fk9</span>sonal page is not availa<span class="h">5rUlWUYn</span>ble for a long period there is another way to open your personal page - insta<span class="h">mBP</span>llation and use of Tor&nbsp;Browser:</p> <ol> <li>run your Inte<span class="h">hBUCSqGR</span>rnet browser (if you do not know wh&#097;t it is run the Internet&nbsp;Explorer);</li> <li>ent<span class="h">elXG</span>er or copy the &#097;ddress <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/downlo&#097;d/download-easy.html.en</a> into the address bar of your browser &#097;nd press ENTER;</li> <li>wait for the site load<span class="h">8YGdAX1</span>ing;</li> <li>on the site you will be offered to do<span class="h">K</span>wnload Tor&nbsp;Browser; download and run it, follow the installation instructions, wait until the installation is completed;</li> <li>ru<span class="h">Kd</span>n Tor&nbsp;Browser;</li> <li>connect with the butt<span class="h">ZD9DSJgI</span>on "Connect" (if you use the English version);</li> <li>a normal Internet bro<span class="h">8</span>wser window will be opened &#097;fter the initialization;</li> <li>type or copy the add<span class="h">ndpfX</span>ress <br><span class="info">http://p27dokhpz2n7nvgr.onion/ED60-17DB-C6C5-0446-9C09</span><br> in this browser address bar;</li> <li>pre<span class="h">T</span>ss ENTER;</li> <li>the site sho<span class="h">nwYZs</span>uld be loaded; if for some reason the site is not lo<span class="h">fLq8IBd7JG</span>ading wait for a moment and try again.</li> </ol> <p>If you have any pr<span class="h">F5br72YxVP</span>oblems during installation or use of Tor&nbsp;Browser, please, visit <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> and type request in the searc<span class="h">jpM5fcE</span>h bar "Install Tor&nbsp;Browser Windows" and you will find a lot of training videos about Tor&nbsp;Browser installation and use.</p> <hr> <p><strong>Addit<span class="h">yUY</span>ional information:</strong></p> <p>You will fi<span class="h">fgBlU0</span>nd the instru<span class="h">ReW52ar</span>cti&#111;ns ("*_READ_THIS_FILE_*.hta") for re<span class="h">ZlPyP</span>st&#111;ring y&#111;ur files in &#097;ny f<span class="h">l1Kl4VCEh6</span>&#111;lder with your enc<span class="h">uos</span>rypted files.</p> <p>The instr<span class="h">cd2psq</span>ucti&#111;ns "*_READ_THIS_FILE_*.hta" in the f<span class="h">XMWCek</span>&#111;lder<span class="h">jGa</span>s with your encry<span class="h">jP8</span>pted files are not vir<span class="h">n6BhHNyG3</span>uses! The instruc<span class="h">pC00Lquxw</span>tions "*_READ_THIS_FILE_*.hta" will he<span class="h">Eu</span>lp you to dec<span class="h">Y</span>rypt your files.</p> <p>Remembe<span class="h">n</span>r! The w&#111;rst si<span class="h">sSOVgh</span>tu&#097;tion already happ<span class="h">P</span>ened and n&#111;w the future of your files de<span class="h">2k</span>pends on your determ<span class="h">CY8oNAICZY</span>ination and speed of your actions.</p> </div> <div id="ar" style="direction: rtl;"> <p>لا يمكنك العثور على الملفات الضرورية؟<br>هل محتوى الملفات غير قابل للقراءة؟</p> <p>هذا أمر طبيعي لأن أسماء الملفات والبيانات في الملفات قد تم تشفيرها بواسطة "Cer&#98;er&nbsp;Rans&#111;mware".</p> <p>وهذا يعني أن الملفات الخاصة بك ليست تالفة! فقد تم تعديل ملفاتك فقط. ويمكن التراجع عن هذا.<br>ومن الآن فإنه لا يكن استخدام الملفات الخاصة بك حتى يتم فك تشفيرها.</p> <p>الطريقة الوحيدة لفك تشفير ملفاتك بأمان هو أن تشتري برنامج فك التشفير المتخصص "Cer&#98;er&nbsp;Decryptor".</p> <p>إن أية محاولات لاستعادة الملفات الخاصة بك بواسطة برامج من طرف ثالث سوف تكون مدمرة لملفاتك!</p> <hr> <p>يمكنك الشروع في شراء برنامج فك التشفير من صفحتك الشخصية:</p> <p><span class="info"><span class="updating">أرجو الإنتظار...</span><a class="url" href="http://p27dokhpz2n7nvgr.12hygy.top/ED60-17DB-C6C5-0446-9C09" target="_blank">http://p27dokhpz2n7nvgr.12hygy.top/ED60-17DB-C6C5-0446-9C09</a><hr><a href="http://p27dokhpz2n7nvgr.14ewqv.top/ED60-17DB-C6C5-0446-9C09" target="_blank">http://p27dokhpz2n7nvgr.14ewqv.top/ED60-17DB-C6C5-0446-9C09</a><hr><a href="http://p27dokhpz2n7nvgr.14vvrc.top/ED60-17DB-C6C5-0446-9C09" target="_blank">http://p27dokhpz2n7nvgr.14vvrc.top/ED60-17DB-C6C5-0446-9C09</a><hr><a href="http://p27dokhpz2n7nvgr.129p1t.top/ED60-17DB-C6C5-0446-9C09" target="_blank">http://p27dokhpz2n7nvgr.129p1t.top/ED60-17DB-C6C5-0446-9C09</a><hr><a href="http://p27dokhpz2n7nvgr.1apgrn.top/ED60-17DB-C6C5-0446-9C09" target="_blank">http://p27dokhpz2n7nvgr.1apgrn.top/ED60-17DB-C6C5-0446-9C09</a></span></p> <p>في حالة تعذر فتح هذه الصفحة &nbsp;<span class="button" onclick="return _url_upd_('ar');">انقر هنا</span>&nbsp; لإنشاء عنوان جديد لصفحتك الشخصية.</p> <p>في هذه الصفحة سوف تتلقى تعليمات كاملة حول كيفية شراء برنامج فك التشفير لاستعادة جميع الملفات الخاصة بك.</p> <p>في هذه الصفحة أيضًا سوف تتمكن من استعادة ملف واحد بشكل مجاني للتأكد من أن "Cer&#98;er&nbsp;Decryptor" سوف يساعدك.</p> <hr> <p>إذا كانت صفحتك الشخصية غير متاحة لفترة طويلة فإن ثمّة طريقة أخرى لفتح صفحتك الشخصية - تحميل واستخدام متصفح Tor:</p> <ol> <li>قم بتشغيل متصفح الإنترنت الخاص بك (إذا كنت لا تعرف ما هو قم بتشغيل إنترنت إكسبلورر);</li> <li>قم بكتابة أو نسخ العنوان <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> إلى شريط العنوان في المستعرض الخاص بك ثم اضغط ENTER;</li> <li>انتظر لتحميل الموقع;</li> <li>سوف يعرض عليك الموقع تحميل متصفح Tor. قم بتحميله وتشغيله، واتبع تعليمات التثبيت، وانتظر حتى اكتمال التثبيت;</li> <li>قم بتشغيل متصفح Tor;</li> <li>اضغط على الزر "Connect" (إذا كنت تستخدم النسخة الإنجليزية);</li> <li>سوف تُفتح نافذة متصفح الإنترنت العادي بعد البدء;</li> <li>قم بكتابة أو نسخ العنوان <br><span class="info">http://p27dokhpz2n7nvgr.onion/ED60-17DB-C6C5-0446-9C09</span><br> في شريط العنوان في المتصفح;</li> <li>اضغط ENTER;</li> <li>يجب أن يتم تحميل الموقع؛ إذا لم يتم تحميل الموقع لأي سبب، انتظر للحظة وحاول مرة أخرى.</li> </ol> <p>إذا كان لديك أية مشكلات أثناء عملية التثبيت أو استخدام متصفح Tor، يُرجى زيارة <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> واكتب الطلب "install tor browser windows" أو "تثبيت نوافذ متصفح Tor" في شريط البحث، وسوف تجد الكثير من أشرطة الفيديو للتدريب حول تثبيت متصفح Tor واستخدامه.</p> <hr> <p><strong>معلومات إض<span class="h">I4Jv</span>افية:</strong></p> <p>س<span class="h">QmYVFWC</span>وف تجد إرشادات استعادة الملفات الخاصة بك ("*_READ_THIS_FILE_*") في أي مجلد مع ملفاتك المشفرة.</p> <p>الإرش<span class="h">WETVL</span>ادات ("*_READ_THIS_FILE_*") الموجودة في المجلدات مع ملفاتك المشفرة ليست فيروسات والإرشادات ("*_READ_THIS_FILE_*") سوف تساعدك على فك تشفير الملفات الخاصة بك.</p> <p>تذكر أن أسوأ مو<span class="h">ijy</span>قف قد حدث بالفعل، والآن مستقبل ملفاتك يعتمد على عزيمتك وسرعة الإجراءات الخاصة بك.</p> </div> <div id="zh"> <p>您找不到所需的文件?<br>您文件的内容无法阅读?</p> <p>这是正常的,因为您文件的文件名和数据已经被“Cer&#98;er&nbsp;Rans&#111;mware”加密了。</p> <p>这意味着您的文件并没有损坏!您的文件只是被修改了,这个修改是可逆的,解密之��

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___GSK61V_.txt

Family

cerber

Ransom Note
CERBER RANSOMWARE ----- YOUR DOCUMENTS, PH0TOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ----- The only way to decrypt y0ur files is to receive the private key and decryption program. To receive the private key and decryption program go to any decrypted folder, inside there is the special file (*_READ_THIS_FILE_*) with complete instructions how to decrypt your files. If you cannot find any (*_READ_THIS_FILE_*) file at your PC, follow the instructions below: ----- 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://p27dokhpz2n7nvgr.onion/ED60-17DB-C6C5-0446-9C09 Note! This page is available via "Tor Browser" only. ----- Also you can use temporary addresses on your personal page without using "Tor Browser". ----- 1. http://p27dokhpz2n7nvgr.12hygy.top/ED60-17DB-C6C5-0446-9C09 2. http://p27dokhpz2n7nvgr.14ewqv.top/ED60-17DB-C6C5-0446-9C09 3. http://p27dokhpz2n7nvgr.14vvrc.top/ED60-17DB-C6C5-0446-9C09 4. http://p27dokhpz2n7nvgr.129p1t.top/ED60-17DB-C6C5-0446-9C09 5. http://p27dokhpz2n7nvgr.1apgrn.top/ED60-17DB-C6C5-0446-9C09 ----- Note! These are temporary addresses! They will be available for a limited amount of time! -----
URLs

http://p27dokhpz2n7nvgr.onion/ED60-17DB-C6C5-0446-9C09

http://p27dokhpz2n7nvgr.12hygy.top/ED60-17DB-C6C5-0446-9C09

http://p27dokhpz2n7nvgr.14ewqv.top/ED60-17DB-C6C5-0446-9C09

http://p27dokhpz2n7nvgr.14vvrc.top/ED60-17DB-C6C5-0446-9C09

http://p27dokhpz2n7nvgr.129p1t.top/ED60-17DB-C6C5-0446-9C09

http://p27dokhpz2n7nvgr.1apgrn.top/ED60-17DB-C6C5-0446-9C09

Signatures

  • Cerber

    Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

    ransomwarecerber
  • Contacts a large (1129) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 2 IoCs
    evasion
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 15 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Drops file in System32 directory 38 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 20 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies registry class 5 IoCs
  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/kh4sh3i/Ransomware-Samples
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7b6546f8,0x7ffa7b654708,0x7ffa7b654718
      2⤵
        PID:1076
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
        2⤵
          PID:4316
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3332
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
          2⤵
            PID:2704
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:2424
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
              2⤵
                PID:4480
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
                2⤵
                  PID:3052
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2596
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
                  2⤵
                    PID:4568
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                    2⤵
                      PID:2300
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
                      2⤵
                        PID:1364
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
                        2⤵
                          PID:4560
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                          2⤵
                            PID:396
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
                            2⤵
                              PID:372
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
                              2⤵
                                PID:1332
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
                                2⤵
                                  PID:3156
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
                                  2⤵
                                    PID:928
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5540 /prefetch:8
                                    2⤵
                                      PID:32
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5496 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:1524
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
                                      2⤵
                                        PID:1584
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                                        2⤵
                                          PID:4700
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                                          2⤵
                                            PID:3748
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3508 /prefetch:8
                                            2⤵
                                              PID:1432
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
                                              2⤵
                                                PID:1532
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6684 /prefetch:8
                                                2⤵
                                                  PID:4500
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6400 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4844
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
                                                  2⤵
                                                    PID:4320
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
                                                    2⤵
                                                      PID:4304
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
                                                      2⤵
                                                        PID:4560
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:1104
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                                                        2⤵
                                                          PID:4804
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
                                                          2⤵
                                                            PID:2168
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,15169398730750277001,2766942986361878750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:3144
                                                          • C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.3.exe
                                                            "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.3.exe"
                                                            2⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:1908
                                                            • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                              "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
                                                              3⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              PID:4880
                                                              • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
                                                                4⤵
                                                                • Checks computer location settings
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks whether UAC is enabled
                                                                • Checks processor information in registry
                                                                • Modifies registry class
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:4304
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.0.976640760\20263917" -parentBuildID 20240903073000 -prefsHandle 2104 -prefMapHandle 2092 -prefsLen 19247 -prefMapSize 240500 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fbb66b80-0f0d-488b-b09f-70ab22c5db2d} 4304 gpu
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  PID:3224
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.1.266088951\65415734" -childID 1 -isForBrowser -prefsHandle 2792 -prefMapHandle 2788 -prefsLen 20081 -prefMapSize 240500 -jsInitHandle 1344 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3c825d56-1f4a-4c31-974d-afc5e2108591} 4304 tab
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  PID:2996
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:6be3457d7cd436a360a0703f8dbc208d877510b9eeae2933027dbb3c6b +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 4304 DisableNetwork 1
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  PID:2340
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.2.250589185\1655262361" -childID 2 -isForBrowser -prefsHandle 3256 -prefMapHandle 3252 -prefsLen 20897 -prefMapSize 240500 -jsInitHandle 1344 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ce53dd2d-75d0-4812-816c-bea0bf4fd530} 4304 tab
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  PID:2092
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.3.1014176431\1348541089" -childID 3 -isForBrowser -prefsHandle 3372 -prefMapHandle 3328 -prefsLen 20974 -prefMapSize 240500 -jsInitHandle 1344 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {98430fcb-0ada-4cc0-ac7c-05a55c954bb7} 4304 tab
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  PID:2988
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.4.839861268\822699049" -parentBuildID 20240903073000 -prefsHandle 3312 -prefMapHandle 3412 -prefsLen 22518 -prefMapSize 240500 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {15fd75f8-d878-4988-8ad9-db71e0e37e75} 4304 rdd
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  PID:4352
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.5.502004054\1677831421" -childID 4 -isForBrowser -prefsHandle 4088 -prefMapHandle 4080 -prefsLen 22264 -prefMapSize 240500 -jsInitHandle 1344 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ba3ddd6f-dd82-4995-83e3-627cebbddad6} 4304 tab
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  PID:5368
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.6.1288568628\1096444842" -childID 5 -isForBrowser -prefsHandle 4272 -prefMapHandle 4276 -prefsLen 22264 -prefMapSize 240500 -jsInitHandle 1344 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e8350a07-b41b-4c0f-867a-ac779c5b2a25} 4304 tab
                                                                  5⤵
                                                                  • Checks computer location settings
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  PID:5396
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.7.1898344986\265597583" -childID 6 -isForBrowser -prefsHandle 4436 -prefMapHandle 4440 -prefsLen 22264 -prefMapSize 240500 -jsInitHandle 1344 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ae11754a-328b-4e73-982a-abea034d2877} 4304 tab
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  PID:5452
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:2944
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.8.2122055554\1587904164" -childID 7 -isForBrowser -prefsHandle 1744 -prefMapHandle 1392 -prefsLen 22705 -prefMapSize 240500 -jsInitHandle 1344 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {863862cc-f274-442b-81fa-ea39171640ab} 4304 tab
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  PID:2440
                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4304.9.884420038\498428273" -childID 8 -isForBrowser -prefsHandle 4656 -prefMapHandle 4108 -prefsLen 22865 -prefMapSize 240500 -jsInitHandle 1344 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4a1b916e-00a0-4772-bb4e-de20bcbdbac7} 4304 tab
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  PID:2520
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:440
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:4932
                                                            • C:\Windows\System32\rundll32.exe
                                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                              1⤵
                                                                PID:3344
                                                              • C:\Users\Admin\Downloads\Cerber\Cerber\Ransomware.Cerber\cerber.exe
                                                                "C:\Users\Admin\Downloads\Cerber\Cerber\Ransomware.Cerber\cerber.exe"
                                                                1⤵
                                                                • Drops startup file
                                                                • Drops file in System32 directory
                                                                • Sets desktop wallpaper using registry
                                                                • Drops file in Program Files directory
                                                                • Drops file in Windows directory
                                                                • System Location Discovery: System Language Discovery
                                                                • Modifies registry class
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:4816
                                                                • C:\Windows\SysWOW64\netsh.exe
                                                                  C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
                                                                  2⤵
                                                                  • Modifies Windows Firewall
                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:4204
                                                                • C:\Windows\SysWOW64\netsh.exe
                                                                  C:\Windows\system32\netsh.exe advfirewall reset
                                                                  2⤵
                                                                  • Modifies Windows Firewall
                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:3964
                                                                • C:\Windows\SysWOW64\mshta.exe
                                                                  "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___KQGHSJ8_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                  2⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:4460
                                                                • C:\Windows\SysWOW64\NOTEPAD.EXE
                                                                  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___66KRB37Q_.txt
                                                                  2⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Opens file in notepad (likely ransom note)
                                                                  PID:1704
                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                  "C:\Windows\system32\cmd.exe"
                                                                  2⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:4440
                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                    taskkill /f /im "cerber.exe"
                                                                    3⤵
                                                                    • System Location Discovery: System Language Discovery
                                                                    • Kills process with taskkill
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:4772
                                                                  • C:\Windows\SysWOW64\PING.EXE
                                                                    ping -n 1 127.0.0.1
                                                                    3⤵
                                                                    • System Location Discovery: System Language Discovery
                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                    • Runs ping.exe
                                                                    PID:4732
                                                              • C:\Windows\SysWOW64\werfault.exe
                                                                werfault.exe /h /shared Global\cf9ca95eef4442e583829d6cd5e900be /t 2724 /p 4460
                                                                1⤵
                                                                  PID:3356
                                                                • C:\Windows\SysWOW64\mshta.exe
                                                                  "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___KQGHSJ8_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                  1⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:4880
                                                                • C:\Windows\SysWOW64\werfault.exe
                                                                  werfault.exe /h /shared Global\8db5cebf4f6c4a38838001fadb69b466 /t 2776 /p 4880
                                                                  1⤵
                                                                    PID:1956

                                                                  Network

                                                                  MITRE ATT&CK Enterprise v15

                                                                  Reconnaissance

                                                                  Resource Development

                                                                  Initial Access

                                                                  Execution

                                                                  Persistence

                                                                  Create or Modify System Process

                                                                  1
                                                                  T1543

                                                                  Windows Service

                                                                  1
                                                                  T1543.003

                                                                  Event Triggered Execution

                                                                  1
                                                                  T1546

                                                                  Netsh Helper DLL

                                                                  1
                                                                  T1546.007

                                                                  Privilege Escalation

                                                                  Create or Modify System Process

                                                                  1
                                                                  T1543

                                                                  Windows Service

                                                                  1
                                                                  T1543.003

                                                                  Event Triggered Execution

                                                                  1
                                                                  T1546

                                                                  Netsh Helper DLL

                                                                  1
                                                                  T1546.007

                                                                  Defense Evasion

                                                                  Impair Defenses

                                                                  1
                                                                  T1562

                                                                  Disable or Modify System Firewall

                                                                  1
                                                                  T1562.004

                                                                  Modify Registry

                                                                  1
                                                                  T1112

                                                                  Credential Access

                                                                  Discovery

                                                                  Browser Information Discovery

                                                                  1
                                                                  T1217

                                                                  Network Service Discovery

                                                                  1
                                                                  T1046

                                                                  Query Registry

                                                                  3
                                                                  T1012

                                                                  Remote System Discovery

                                                                  1
                                                                  T1018

                                                                  System Information Discovery

                                                                  5
                                                                  T1082

                                                                  System Location Discovery

                                                                  1
                                                                  T1614

                                                                  System Language Discovery

                                                                  1
                                                                  T1614.001

                                                                  System Network Configuration Discovery

                                                                  1
                                                                  T1016

                                                                  Internet Connection Discovery

                                                                  1
                                                                  T1016.001

                                                                  Lateral Movement

                                                                  Collection

                                                                  Command and Control

                                                                  Web Service

                                                                  1
                                                                  T1102

                                                                  Exfiltration

                                                                  Impact

                                                                  Defacement

                                                                  1
                                                                  T1491

                                                                  Replay Monitor

                                                                  Loading Replay Monitor...

                                                                  Downloads

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                    Filesize

                                                                    152B

                                                                    MD5

                                                                    9e3fc58a8fb86c93d19e1500b873ef6f

                                                                    SHA1

                                                                    c6aae5f4e26f5570db5e14bba8d5061867a33b56

                                                                    SHA256

                                                                    828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

                                                                    SHA512

                                                                    e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                    Filesize

                                                                    152B

                                                                    MD5

                                                                    27304926d60324abe74d7a4b571c35ea

                                                                    SHA1

                                                                    78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

                                                                    SHA256

                                                                    7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

                                                                    SHA512

                                                                    f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9f482005-f2b8-41b6-bf2a-90655b2ab5e4.tmp
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    23caada6e0c41ac96cd916360cbec204

                                                                    SHA1

                                                                    2d012ba817e2e7096da830867eab1dac43f8ad29

                                                                    SHA256

                                                                    4504646ca01b6dc187348d61aaa5157e226748e9219fdcb6d1c816857d03fb89

                                                                    SHA512

                                                                    5032ebdb12ddcbf82f47fb99a2ff1c82ad92bc2f0bca8aaab29a6fe206d54f4a086e08d2fc925b0089d00462de0edae93b1d50cacb730ba8d8cf0e4a0ab03072

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                    Filesize

                                                                    4KB

                                                                    MD5

                                                                    421fa61ed9f646b25efd59bfd0afbb25

                                                                    SHA1

                                                                    99b9b422d84006d3ddb499b3d236144211544688

                                                                    SHA256

                                                                    79837ea647dfee7442323cc63fd7a01e55449f4b1ebeba7b394fabeca7c57a5c

                                                                    SHA512

                                                                    3e7acfa9b730ff7402f414bb29877bbdcd66d799fcda9a49d409c63fa589423939679364cb45fa3d76712699d7d5b211fdae8f9c4a98471d41907b91a4d59807

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    2ba893f2a231b4a465e9aaa30a79a60b

                                                                    SHA1

                                                                    87c41ddb0d3a13dd7d73bdbefad15b2871a590bf

                                                                    SHA256

                                                                    1b1eb1c30f0126fc23e9da28cd64ba487a43bd90b35a84a2956c9d1907d32476

                                                                    SHA512

                                                                    0faee69fecb3c757ba6f44e9ece3c38cca44a58b45b94e661497cbb6e639fe75469fb0be351c91d66be7479192651f968abdc4ebef2948b927b0600546f8bc25

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                    Filesize

                                                                    2KB

                                                                    MD5

                                                                    ddaea11870de4d74fbed7f4dd22dbb23

                                                                    SHA1

                                                                    1a54c747e354e96449ee1d261dd4500f93360130

                                                                    SHA256

                                                                    0d000ab78316aeee6de0d3cd299b982c405f1789882272f858de54992993c3e1

                                                                    SHA512

                                                                    79667b1716b2d5166bf4b5952230119ea022ec230a18fd2df1b55d8d86fc99207d51e99ccd27c9979113b38e1b1ef4dfaa6d456932745f265e0cfd19763241ce

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                    Filesize

                                                                    180B

                                                                    MD5

                                                                    00a455d9d155394bfb4b52258c97c5e5

                                                                    SHA1

                                                                    2761d0c955353e1982a588a3df78f2744cfaa9df

                                                                    SHA256

                                                                    45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

                                                                    SHA512

                                                                    9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                    Filesize

                                                                    2KB

                                                                    MD5

                                                                    9829c95204ae295a1f0135db700ddbeb

                                                                    SHA1

                                                                    09df501fc3cf62406e6a4d395116de26f6c79b47

                                                                    SHA256

                                                                    17717bd1778904b13a5fc5cc43f56c8ee6e7324bbfc9bce2ac11e631f595a42d

                                                                    SHA512

                                                                    4ce66dcb5816e165978ef2787110799ddcf6c8477b0329bcddc61ca91a11bab748849768c20e75a01bd5ddb466aff7643a2f7eef4a7a172278e2f9e9c96f3876

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    782ad30f1136977fb509ffac7d658864

                                                                    SHA1

                                                                    d936b6c18d06a27264c1bd9123500b7c47a4d9df

                                                                    SHA256

                                                                    88605ddf4178215300eaba1c4e188887c55e0f7785c6add4533ada9812059ac7

                                                                    SHA512

                                                                    d3edfc43af5142c8312fb9135b15ce3600c9eb1413e999874d417ce51d2e382c27d796b77d613c9ad78f03d4c430be0da07da3ebb8ee57ca5fb60ecc8fde5997

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    5KB

                                                                    MD5

                                                                    3a9bb3bee62ea9e37103627deed903f4

                                                                    SHA1

                                                                    e3a5e066e2c1fcf8c55a26850e4d679bd83560ff

                                                                    SHA256

                                                                    6e69b7e313037b67fb8896ec2c920e63179cd9a36fec28fc3a74756fe125aa5a

                                                                    SHA512

                                                                    29b2f313dda0989b24a73a22ebbf6475d24d91624999c9366c2435f9a05db475e5a7d6e9f32dc9394baae150f0930929ddb44bf8675517d5ef8cfc52ddb03e47

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    37e0075c5f3f7cdfe1af8d0603bc9799

                                                                    SHA1

                                                                    45cd9542892208539590a7ea5340c9a3856c93fe

                                                                    SHA256

                                                                    1afb57d0d8f058fe5fe3e7d3f164e1f81e40dbb4030a8acc4c0ab4cf1ff48cc1

                                                                    SHA512

                                                                    3ad3466f17c20ea282b791f4fcdaf6e8bc7fea3a686cacafaab91eea1ebc4c95667dda14b32be1c24f5170f8190641ebafd204e03a5206423c8662dcd1ee0918

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    ef07affa14cadf855b7841a38e38508a

                                                                    SHA1

                                                                    10a10e4945e6e50deb10569b18f28b8382b909f0

                                                                    SHA256

                                                                    f3bb32b7410e8ebd015909642999bc8123b560378c2f8c790a9fec028db597c0

                                                                    SHA512

                                                                    99ac42c33c78f9c6841063836c917c8323c4aab22fdddb5d02e7c57b649c4fd5a47f35cca7203c1b39134be4f2d60234cbe4ce3cb02f6d4371eff6ae72a06550

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    11624d192fe6e7da6930b3a2037e1fc6

                                                                    SHA1

                                                                    88e88d505e4b52a37bb6717f810527ba5dc364d7

                                                                    SHA256

                                                                    acecb6d2e810bfd14304ada44e7d6a7760c5d995f721bf4716c30228669fbae5

                                                                    SHA512

                                                                    d4f568eb3c9c89fe3160bfa8e4038cb207c875b044200554900017dfc4d87af238ec5ad3b1ec29b4d03853399aef264ce57aa0da0b782e347465c42aefe762f6

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    c35bc5b7e43a53d85bc16e262b79d5f6

                                                                    SHA1

                                                                    3ed5c034662936466a5b74d869ab48773f6cc81b

                                                                    SHA256

                                                                    ea4de6596922cd9bea9f7981fe0468ba72ada8f89a954c84f977a86e5881edf0

                                                                    SHA512

                                                                    3381ce6a80ca7f989068f8351727736724de5f5a9c63421e31f015d1eef69e195e27265f9fa662482e4515c81939d28daa3edac594739bf564fda789fe54e9fc

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    bfcf1f4ef81673d02e65fa017524032b

                                                                    SHA1

                                                                    4085e2c3ac164f0e35f84c99a12d843bee4fd2e5

                                                                    SHA256

                                                                    fe4bfcf5758b0a007a9098367525e1eda421864287b8e65a08459ec0bd96b82e

                                                                    SHA512

                                                                    2f8abeeb58bf89eadd04a8cf7bd080a2d96bf64c35c2903767e02011037a2af2cbe59686d666e9a2649fb4e029f4bdd5c5a99d371014854c0a0c6611c2dc9fe5

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    d9299a0dd6ceaf9c7dfb3335112531f5

                                                                    SHA1

                                                                    199e550a3e78d1bf9ad5075af2c0197bf08ddbf7

                                                                    SHA256

                                                                    dd183265089ab6edad987ca3bb27999f9e4a88caa5d2df160f991c876bd5376f

                                                                    SHA512

                                                                    43f6592155dd8f2c08cba13273da7ee5b8e50ea1622dab52e3d5826fe1333c796a9ac278d7079b0bda461ac809a88d883e4c75436a6e416581f2ad819f136baf

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    2KB

                                                                    MD5

                                                                    f7c34d5989dd917318c523ea313ede47

                                                                    SHA1

                                                                    553fee387bf9f4975848a60ae72d24fc0c207ff1

                                                                    SHA256

                                                                    304ae3f2d880ee885ee4dcc455f2fd71071a193e129f6ccf28a1340ffdde6fc7

                                                                    SHA512

                                                                    d2ff118debb0a113abb1df2cfe7f411de3bf3fe3f073c31f2554062bcceaa72463057abd9c8ac80ec6d86bfa630fe0dc618bc4a2b905ea0609424cdbe8e11a97

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    22745de9bcf5eba88c01419fd64280ed

                                                                    SHA1

                                                                    bf0550b07d8bff99cb1c66ffa9067b98415b80d0

                                                                    SHA256

                                                                    fd01e80da7563a3caa6fd18bc6e0f0df3e968350dc827ccb4069974b37d19caa

                                                                    SHA512

                                                                    2c52aa09a906795ddb90ec71714fde06202cd918a81c1ac3c1cca45f45c3e601c8adc87212f9aaef31be17654823ba0ced32c8caa993059506b3dd129a634b4e

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    4ec54823cdbd32f878702bbe74d58129

                                                                    SHA1

                                                                    7817ad372dd03c1b0da770dd7ee3459697ae9cb4

                                                                    SHA256

                                                                    7c6f6a874f1c2fa40118022d4415d9673c66f20415d2fc9aa24c98e942c30904

                                                                    SHA512

                                                                    5f480902bc3c672ce9f1368cea7a787d3b67137016f685b212fac08196dd614876e3e711cb69ccdb8cdd8988081ad819b78b198782f389d372c60f272fbb6397

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    9f3b1ec0c9df7914150cd061c2778a25

                                                                    SHA1

                                                                    8801d20fbe97f0ee361b90cf18ad228d03669fcf

                                                                    SHA256

                                                                    b673eb0e34a3c01eca820d02d635d1a3ef7d3c41c28411ce6cf2965cb67d0c38

                                                                    SHA512

                                                                    39bf42599deef512993170f5c0d0cfffbba1a677abe68e4dab1aa75ebfd978a4edf62ef76088cba84077e00cb5f70d16943cea5b351e79947b5b12b422529bc2

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    2KB

                                                                    MD5

                                                                    2cf36a1437935233de853531e6049ead

                                                                    SHA1

                                                                    d25ec5dc74e8ae7512ef1f8490b6b2b18109bd7a

                                                                    SHA256

                                                                    44dc90292bcedd73f0669d3bca60e40e3cea73a58826f735c02e3760e0529fa0

                                                                    SHA512

                                                                    c0c13394bae6bc7806197ddd390cd1107ae60614b97ebaece2513fc37eadf622e9efd08409889f6333e4dff99201c462ca7d856b01c5581e2ccb5582a943a7ab

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    2KB

                                                                    MD5

                                                                    5d055122a8399147e196e8760f188412

                                                                    SHA1

                                                                    42f00a5fa81fc915f2bc52ff737ec3b9f9b4baa3

                                                                    SHA256

                                                                    ea6181e07cc3469a8625f8f1ee1a56eefac09d1a3e68e49d9590dcac17ca92a4

                                                                    SHA512

                                                                    45cc3c8c7641688192b257f0f669a99d38dc7994f8dda10e9bbfb03295b743e209a5015bab9c5f2e65f8ce814f9f8b1eda45cf7548912cfa534c1e56afe4ab06

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                    Filesize

                                                                    16B

                                                                    MD5

                                                                    6752a1d65b201c13b62ea44016eb221f

                                                                    SHA1

                                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                    SHA256

                                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                    SHA512

                                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    9KB

                                                                    MD5

                                                                    e0ceb830732fa8cc0fe9af486be0bc80

                                                                    SHA1

                                                                    4072b7e01abf1ff5008a002e97a39da76a6e7a37

                                                                    SHA256

                                                                    133108fd81ca929fadb972b4debdc58e708533bdad7a5b696833b5ca3b16918d

                                                                    SHA512

                                                                    14c5b4066a1aa9f93f0f60f82da52cb06eef2d5bbe44f39fafd5546ea03dd03b74f09b40fd04c17b84ea68a91b69858fdf3beea056658268e181927a4b8241d5

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    8KB

                                                                    MD5

                                                                    e6bfd508cf77d16015a271471bc444fa

                                                                    SHA1

                                                                    e3fc004e6d54c7d09806bdd757412fe2f7e446ac

                                                                    SHA256

                                                                    13fe195c5a0809ae2b44782233e3d81a74e0bb56591d9a8288002987eb9b84e3

                                                                    SHA512

                                                                    ced3ffc8c987a2a2f1fd1c35b6f189aad39ee6691e95e828509c026d777b600da95e96c838406948f9bb8633efad844080b415eb7412fccbd149f2a9b4df2592

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    b9589a6bf381a920c1d3dc459e889766

                                                                    SHA1

                                                                    1a2e37a18dd8e4828372f60fdc00f847499299df

                                                                    SHA256

                                                                    504424328917010c7a7e1e34f2b666132086ac06677722f83640d612451897ad

                                                                    SHA512

                                                                    51151836e2e028f16b7fa5c60b2f1901b11255817d5d6ab7135d613b9acf7953b1616e9ee5c9e74e06d419f7134963c97fdb2e4efef80bccd484fb0246eecabd

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    9KB

                                                                    MD5

                                                                    008a8075a78f524b6691d1ffdf77362d

                                                                    SHA1

                                                                    274af97135ae6539e56d4725cd09d5ffd93d7e3f

                                                                    SHA256

                                                                    73cda93526a8d21920a8c622188853a3ead66030449a85f7898fb7b2a74adac7

                                                                    SHA512

                                                                    fe4966b4381033f37e331ac3f8a314e90f9a30077d76d45c83982eda2dc4a3d5c2cd2772db098b11ac6d7d85d51f45792a5ff0db98fc9764d1607edb6adb5b6d

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    03fc9c4a4c6598b611335d9520ff4efa

                                                                    SHA1

                                                                    577fff5929e56f1acafab558b137f5166bfce74c

                                                                    SHA256

                                                                    cd1dd2458f30466da1ad2181e6ce5c6ffa4c3329bcf9a00a732024a77f7e410c

                                                                    SHA512

                                                                    d8f607ac14a2a7a323d7b79b3a040f7b140023a5d993a9ec723629267f664781d3eee781c085ee0b027c77819fa16cc5a0f03be7a53fa80703c0c25e703caceb

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___GSK61V_.txt
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    c59402a011c7ac788cdba63b2329e405

                                                                    SHA1

                                                                    1c005acefae5c4f6f82188987f3f0e229e290018

                                                                    SHA256

                                                                    4bb999df3d757fd54c426575e6bc4c397199d0c581d6bee73b5a4ba16326bedc

                                                                    SHA512

                                                                    3d10252a2311a90c7d97343a82fe3f1d950c64b9cb92728cebd51d44bb36d8d9f889a3d69a646c592c21e8cb76a57e6b5b3f5220f4d5cc1b5b29b90bac1f6d6f

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Temp\nsg7DB0.tmp\LangDLL.dll
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    d02e216c527f97b5cd320770cbe03a0d

                                                                    SHA1

                                                                    76a0bea3650c393341e240231cf999d11a3d8eb8

                                                                    SHA256

                                                                    cda679d62e2852d900f412239e7c01a64a928db6c0cc03b8fa0c1eabdfe815c4

                                                                    SHA512

                                                                    39d99ea0045e332f197f0d6430a71adaeaccd1c8e1028ad997ffa5527e5a0fe5dbdda62e02329ae1824abad43eedd64dbfb05a1e8e19010745bfe8d53e83d990

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Temp\nsg7DB0.tmp\System.dll
                                                                    Filesize

                                                                    24KB

                                                                    MD5

                                                                    62a6f7756aabaeafe2eaa8a1b19eeb99

                                                                    SHA1

                                                                    24b7ec2cf0712f03911fad6b7ccf933e0879fe5b

                                                                    SHA256

                                                                    4c4d8324fc74a61ed5477b6602fecd1f404f524e6c17c6d7a0b682f8521a29d7

                                                                    SHA512

                                                                    7d30a35811f4dc5e3c4714224ac2b143d17f6a1de744db230b3a74409c6705233831e340b13d468c612b9e924cf69a62a15164e601e62609c98a46cf4ec0562f

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Temp\nsg7DB0.tmp\nsDialogs.dll
                                                                    Filesize

                                                                    13KB

                                                                    MD5

                                                                    6cac9c4cbadc065beeebe16e57279a9a

                                                                    SHA1

                                                                    26bcac80ab11c56d8d9de74a85ef2314044f96ca

                                                                    SHA256

                                                                    f33b3bfbb97fedfe2d77ebb894c7db5c32b8905bedab6c58248108021cf96bdb

                                                                    SHA512

                                                                    854b505ca4d17127fafabc8e4d903e097b6e77d4adcb2873185333a7fac68d6e903b2e8f3ce0df639ec3c44feb3666489405ee74d49f512700ab86cec4bc9e44

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___YB18OQV_.hta
                                                                    Filesize

                                                                    75KB

                                                                    MD5

                                                                    2514ebacefe99ac8b2aa1179eb433298

                                                                    SHA1

                                                                    a1a8df67076bf0e34eae8f20691d6434e2974dee

                                                                    SHA256

                                                                    58c47cad96075bb45a96e41d1fab98661db920ed0efe22e62f9ffa43fab8075f

                                                                    SHA512

                                                                    5287a87f694bacbd5efeb43d49cb489e3eadbefe192938c44f2e1ca56e07e76639a35ddfc1ac63397c79b08e108e841c697ff23d365491a7285beb9078929105

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                                    Filesize

                                                                    2B

                                                                    MD5

                                                                    f3b25701fe362ec84616a93a45ce9998

                                                                    SHA1

                                                                    d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                    SHA256

                                                                    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                    SHA512

                                                                    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
                                                                    Filesize

                                                                    182B

                                                                    MD5

                                                                    1c3c58f7838dde7f753614d170f110fc

                                                                    SHA1

                                                                    c17e5a486cecaddd6ced7217d298306850a87f48

                                                                    SHA256

                                                                    81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

                                                                    SHA512

                                                                    9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
                                                                    Filesize

                                                                    27KB

                                                                    MD5

                                                                    801e3dada208658f7b947850b4fef4d9

                                                                    SHA1

                                                                    2193ce520b46cd21675328e744d7620e73be2642

                                                                    SHA256

                                                                    b14666aeb8000e9a401422f6427362ace56ce585e8c000259dd3d4aab318cc9a

                                                                    SHA512

                                                                    2ae41e611446697b842ae7bd5631e805d22260c7ef351b5ed489aed1828cd1ffbd2a84bbbb23cd54ffd7828d84095746318113aff0d587d86fe84927eaca4b0e

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
                                                                    Filesize

                                                                    5KB

                                                                    MD5

                                                                    a842e5a4ce307157d7193ba182a0835e

                                                                    SHA1

                                                                    f5e83854520626fbbfe44712edc65972ffaaf78f

                                                                    SHA256

                                                                    c86d829d987a705a4d8e11bb71e637a27ef3d7865312af79da756a6a6ad56c09

                                                                    SHA512

                                                                    0326a89b6391c98741911e10713acd7ea5ee88464d6c469f0b06edcef6986270344b30ad64081dbd7df92debbe920dc0f1584d63e7e4ad0b77db4fa50d5a7ef1

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
                                                                    Filesize

                                                                    5KB

                                                                    MD5

                                                                    676cee23418353b1fa521e7aef767138

                                                                    SHA1

                                                                    5d3a86303cde1da7dedc6d96de24d973fcca40c5

                                                                    SHA256

                                                                    6dc9376775b8440abfbeee5254ecc96fe342985198d7b533e7751736d31258a0

                                                                    SHA512

                                                                    3bdffc9c370c992e7269924b9230be6a9b46e250e47451e770c88cfbb7033a3162625c34957a69324c29fe1fd96f7ffe2735644bbf4ae60c6f9a3bd22190fafb

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
                                                                    Filesize

                                                                    732B

                                                                    MD5

                                                                    45e28f0685cf29bda244f56b007ac162

                                                                    SHA1

                                                                    58c9479f2c5576bb104c1c7ff9c653a088c39ff4

                                                                    SHA256

                                                                    450c98e14fa414b588acdf93a7af168422371ca45d301d7415b665490cd8e2ff

                                                                    SHA512

                                                                    0bf4ac3d54cedb89a779f3bfa42d70dde67a87212f1661a5d884a68b56b0e1a3ffbe5a71fb0cf2aad0e021f5943053b93143bbd7b2a10ceeddda1179f8353cfb

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
                                                                    Filesize

                                                                    5KB

                                                                    MD5

                                                                    ef73c7fa3920a5c666c2e325fe3e5834

                                                                    SHA1

                                                                    a354595ca4f4fd7463168d0417753251f73d024a

                                                                    SHA256

                                                                    04be5a32cf1ab7940926f660f589a83bbee41fe8afe3ad218cd75bd0a7f37ad7

                                                                    SHA512

                                                                    c12f2a4476b19bcac91c29f2996fe4ff4ef339c948c4423401b2db3019cf4af31f8f28fc1197d9c1730580491b083080705d2c9c48f6971c86c0df4104e39a0e

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
                                                                    Filesize

                                                                    5KB

                                                                    MD5

                                                                    e0cc9ed68d3ec5da2250735bd4f64a9f

                                                                    SHA1

                                                                    37febf85a0bb6e9b7ea2352baea3edd729f90851

                                                                    SHA256

                                                                    f3699f87762748f7267ff969424d96cd9c17c47b4641df64d6864cddc86382c3

                                                                    SHA512

                                                                    03a7593e52f22eb5cff3b0bf5eb60fd206adefcff55115b4d3a236658f745341233f69bc8f2970b8c9b149830bae28d73f75e06811df1ca49cf33c95e1041422

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                                                    Filesize

                                                                    48KB

                                                                    MD5

                                                                    fb7df220ce1c8644b23d5f493db4416a

                                                                    SHA1

                                                                    a46dcf50e9d24483cab73ab9270391ad773fbb06

                                                                    SHA256

                                                                    7bb2036e302c1c18bfc9e9c7b0df40906eb42d1ab9b6d0bab8f736b6ea31e191

                                                                    SHA512

                                                                    38b9873978d508d5aedce8f9737ee1a8b07322b5900fbed95bce683f66d566a08c7dd80b651cdfce2da703b5507b5fc2c75d6e290373415b8fed46671abdf604

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini
                                                                    Filesize

                                                                    103B

                                                                    MD5

                                                                    5b0cb2afa381416690d2b48a5534fe41

                                                                    SHA1

                                                                    5c7d290a828ca789ea3cf496e563324133d95e06

                                                                    SHA256

                                                                    11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

                                                                    SHA512

                                                                    0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp
                                                                    Filesize

                                                                    2.7MB

                                                                    MD5

                                                                    21a623f0dea3a0f2bdcd63a477a5c791

                                                                    SHA1

                                                                    df18d32cb33d54f95e2151fcb79d5b6dc1759e95

                                                                    SHA256

                                                                    0a1efc450a7c380aaab99205e14e10fbcde938a52e5d77f30aed4b6183678900

                                                                    SHA512

                                                                    0eca4054b2fa2b5500399901214ddd2caf510e61d9819cc2f7430f465d3ba9dd335f34fc471c90a90b64eadab97329dbf40a1507c636029e5429bbb5e5259856

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new
                                                                    Filesize

                                                                    10.1MB

                                                                    MD5

                                                                    ded74c583db39296b821af653116a754

                                                                    SHA1

                                                                    912a8c5a264cca8d45baf10d4ba9f33d337bf9ac

                                                                    SHA256

                                                                    e94557dff02fb437d5e400d51a84b251914484c5adb349be8442cdfec82354d2

                                                                    SHA512

                                                                    074e57bddc3b24d2c0a9e9006dcbe37efd58b9fe2b14ed83aa89505e83af7c2f1f3c901fdd9bfbd0582c71db0657a8db6e4cf907fc19fe02c7bced3d414bbb63

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja
                                                                    Filesize

                                                                    24.9MB

                                                                    MD5

                                                                    34dd09bb415552f3f8f0f5a442decd62

                                                                    SHA1

                                                                    4750a36b7cd0a2a882843358c3cfa2ca67d23283

                                                                    SHA256

                                                                    220dde83cba0e31ddb203c625b883a03c1c0fc57094ff290baa94e70c89d6308

                                                                    SHA512

                                                                    400c4da0a2b9f486be3f6806f13153e7585ac5510811c4d587526abf6c0c33065e52678151205896878b7e916717cf4551706314a1445acd48e861464698e982

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js
                                                                    Filesize

                                                                    429B

                                                                    MD5

                                                                    3d84d108d421f30fb3c5ef2536d2a3eb

                                                                    SHA1

                                                                    0f3b02737462227a9b9e471f075357c9112f0a68

                                                                    SHA256

                                                                    7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

                                                                    SHA512

                                                                    76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list
                                                                    Filesize

                                                                    42B

                                                                    MD5

                                                                    70b1d09d91bc834e84a48a259f7c1ee9

                                                                    SHA1

                                                                    592ddaec59f760c0afe677ad3001f4b1a85bb3c0

                                                                    SHA256

                                                                    2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

                                                                    SHA512

                                                                    b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
                                                                    Filesize

                                                                    934KB

                                                                    MD5

                                                                    660c5631a0b6381f3c11327c9e37867a

                                                                    SHA1

                                                                    dc2a4b88c1a84536657662892bab9e8ee5f42d63

                                                                    SHA256

                                                                    a448e4c2e0eb7ca5fb1b6d3189bc586b91a7ee6facecdd0424f1bfbf2b3016fb

                                                                    SHA512

                                                                    17df941f337a2908dfa79f6fa255f5d6c96035476238b6852dba8c5b14b3d7368a885f0fceef4e923c7720cee3221ecb4ffb19695520bec809c2fbf6939aed1c

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                    Filesize

                                                                    1.8MB

                                                                    MD5

                                                                    3adb2f762f2f1767e5d4af55b59d3e32

                                                                    SHA1

                                                                    89b4c3981961a02d824205d1e577fa178416fb4c

                                                                    SHA256

                                                                    578257ed4baa0b9438fdcf596d2b5a79f64b81f9985ddb066b6ddce72e50b996

                                                                    SHA512

                                                                    42a6adc1000eb1441725dcec200117f311339b3e62c2370cdf7ed4b7ace384259fd2505286543e6eef527e08787c3ff62e73fc35145d2f8bd62d672ebbaba0dc

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll
                                                                    Filesize

                                                                    690KB

                                                                    MD5

                                                                    077e62d6a81022c5fec6ebf0ba013ac4

                                                                    SHA1

                                                                    e0743b30b16c5fb514bf882ccae14c77b2662af0

                                                                    SHA256

                                                                    88c1635804a7904de347cb4fd7d74f626f2a3b75e7eabe52625d40e71063b6d2

                                                                    SHA512

                                                                    b51c6ed76d512374f7b64a49c8cb039a04bb76ab11179ff333e2d9987d9aab1a4f88475906f667e2286b8b6d10b0031647e88144b2b09a912b3a0c25c2a362e4

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
                                                                    Filesize

                                                                    43KB

                                                                    MD5

                                                                    60981f1615158a584539d81e1cf14de4

                                                                    SHA1

                                                                    0ac8a9c480c1a077c5806246a85e8a9474e9c9e4

                                                                    SHA256

                                                                    2498e4a28f3b91afd83544b8d43bcc13a10f41b3fb7beb5882ea344788aba4e8

                                                                    SHA512

                                                                    4d194452ecd0a98d09a52e0523b95e18fbc7497b9769907a8e026f00e103379b6d32abc6698d7f3fe590e41f907dacba378fbb101ce0539272faea38f0e38c9e

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
                                                                    Filesize

                                                                    1.4MB

                                                                    MD5

                                                                    1724528b9f6f561b82689ff0a6aa59d5

                                                                    SHA1

                                                                    f43b21963c62ff9862489c3b9e085ee8f13e679f

                                                                    SHA256

                                                                    2e579303a8950ab72a036d61af318a612b5471c5eb7fe7198ac2a256cf0d4b87

                                                                    SHA512

                                                                    cb8deea52d3753edad8c022e98c752595236509ed86358638030ca90a7baa100324556622f69f568cae978a096143dcbd91f2c67069629add8e161e22a986ab0

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
                                                                    Filesize

                                                                    2.5MB

                                                                    MD5

                                                                    eac306aede6231e6ae0fcdac251f2eeb

                                                                    SHA1

                                                                    5c767f4b4df0bd7f2125d3c4541c9874bc20a014

                                                                    SHA256

                                                                    18c53f28a3905dfced30209ae12b470b1e0089432e6a5bafc4adfcf41eaa28ac

                                                                    SHA512

                                                                    ac90e9d40beaaf75e28d545366d404811dc1ada6d2b30beee402360d9e7bb03dec72c77e1c3e8c84d406d613b7d5413252bcb857c5a29dbabfe3c4eef953be26

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll
                                                                    Filesize

                                                                    472KB

                                                                    MD5

                                                                    b6a62cc3fa4b3544b9cdbf1d1ee6a2c8

                                                                    SHA1

                                                                    3a0259d66d0000bb8251ea50f3ae97d80b9802f6

                                                                    SHA256

                                                                    73075840c54e778b110e3ef62f5a2a62b762763bde5f54e3e6978494cd405f4e

                                                                    SHA512

                                                                    796fc40ea786a820da28165723e062b030fc9506130005d24c35551e467834c265b6e4345d88098fd0bbfbef1aaf5869bcb05ee05ad7a80691a084ad706cc675

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja
                                                                    Filesize

                                                                    18.3MB

                                                                    MD5

                                                                    2c5eb0819f1234efbb9daebf3432acb3

                                                                    SHA1

                                                                    4c03b24986fdee78c1521aa227eaf5ffe8fcae4c

                                                                    SHA256

                                                                    0c690a19a5d486dba157c1cf0632768b260b21eacea8708a64787c38e78af3d8

                                                                    SHA512

                                                                    d364b16f8a0c5fa29ccc77711fa54568fc50f42b29b561ce689ff5eb117e3e0536ec30f72350031019ad2b01be3d779a398ae8be85ef7fe10690b5446fee12cd

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll
                                                                    Filesize

                                                                    288KB

                                                                    MD5

                                                                    3cd76df1ced23796d4ef977ddef30b67

                                                                    SHA1

                                                                    31e0b27b05ea2d2d9b42f34677c6296f95ca3886

                                                                    SHA256

                                                                    79218815d492460433b429c0cd9f43d0c44892278b7b763372e92fe09a713504

                                                                    SHA512

                                                                    94c1d51d5f06c69e1d2e82afc6538069d6944c62eeb812e2ebdb19e9256ecaba7b251e0f02813bb7156064386b01ca1c8fe9355ba2e143b3fcee5fea534ccd79

                                                                    Download Submit

                                                                  • C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk
                                                                    Filesize

                                                                    829B

                                                                    MD5

                                                                    6f23d96868ae0035b13e999a0f680188

                                                                    SHA1

                                                                    e31482a9b0fb096b7e2a3bd8e1919d8a3bdedaa8

                                                                    SHA256

                                                                    4d2389ddf072aa3ff86a83371eb5401705e7519106a42daeda8dbac9b8ba1f9a

                                                                    SHA512

                                                                    9aa7ee9c72e6a5fbb0029f5cb2a1cb4cb8bd86e54910bb82ac73334f803c9d0395026fdc451eba2d7edee9f57d6c96e25f6a27ab3be90aa967a4d37248e1f5ff

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\Unconfirmed 110184.crdownload
                                                                    Filesize

                                                                    6.2MB

                                                                    MD5

                                                                    170c1bebec3fb0ea2179a75a9b592015

                                                                    SHA1

                                                                    df44bf7e4369a792af76e1570310b4ed1e312726

                                                                    SHA256

                                                                    07c448d605caa2f7d8949f4780af5f116eac830a855c5d79d2323e455ba0adc0

                                                                    SHA512

                                                                    b95a5c159776b2b47093e811ef9cf6986a021da5b1541d160c432bdc2b5a454539d89987dcee8d5fff48f38288b21b42dda71c6fdd8282acc7c5e667f1f99912

                                                                    Download Submit

                                                                  • memory/2092-1859-0x000002AA40D00000-0x000002AA40DCD000-memory.dmp

                                                                    Filesize

                                                                    820KB

                                                                    Download

                                                                  • memory/2988-1860-0x00000230DAD00000-0x00000230DADCD000-memory.dmp

                                                                    Filesize

                                                                    820KB

                                                                    Download

                                                                  • memory/2996-1643-0x00007FFA88860000-0x00007FFA88861000-memory.dmp

                                                                    Filesize

                                                                    4KB

                                                                    Download

                                                                  • memory/2996-1811-0x000001F967100000-0x000001F9671CD000-memory.dmp

                                                                    Filesize

                                                                    820KB

                                                                    Download

                                                                  • memory/2996-1642-0x00007FFA88C30000-0x00007FFA88C31000-memory.dmp

                                                                    Filesize

                                                                    4KB

                                                                    Download

                                                                  • memory/4304-1840-0x0000017455400000-0x0000017455570000-memory.dmp

                                                                    Filesize

                                                                    1.4MB

                                                                    Download

                                                                  • memory/4304-1759-0x000001745D970000-0x000001745D980000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/4304-1699-0x000001745AD50000-0x000001745AD60000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/4816-712-0x0000000000400000-0x0000000000435000-memory.dmp

                                                                    Filesize

                                                                    212KB

                                                                    Download

                                                                  • memory/4816-737-0x0000000000400000-0x0000000000435000-memory.dmp

                                                                    Filesize

                                                                    212KB

                                                                    Download

                                                                  • memory/4816-1140-0x0000000000400000-0x0000000000435000-memory.dmp

                                                                    Filesize

                                                                    212KB

                                                                    Download

                                                                  • memory/4816-1159-0x0000000000400000-0x0000000000435000-memory.dmp

                                                                    Filesize

                                                                    212KB

                                                                    Download

                                                                  • memory/4816-1160-0x0000000000440000-0x0000000000451000-memory.dmp

                                                                    Filesize

                                                                    68KB

                                                                    Download

                                                                  • memory/5368-1867-0x0000020B59500000-0x0000020B595CD000-memory.dmp

                                                                    Filesize

                                                                    820KB

                                                                    Download

                                                                  • memory/5396-1868-0x0000016D7B5A0000-0x0000016D7B66D000-memory.dmp

                                                                    Filesize

                                                                    820KB

                                                                    Download

                                                                  • memory/5452-1869-0x0000016A93900000-0x0000016A939CD000-memory.dmp

                                                                    Filesize

                                                                    820KB

                                                                    Download