hxxp://google | Triage

Analysis

max time kernel
1040s
max time network
1051s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13/09/2024, 00:27

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google

Score

8^/10

bootkit defense_evasion discovery evasion persistence trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 27 IoCs

pid	Process
3332	tor-browser-windows-x86_64-portable-13.5.3.exe
4992	firefox.exe
2016	firefox.exe
1924	firefox.exe
4216	firefox.exe
1340	firefox.exe
396	tor.exe
4812	firefox.exe
1832	firefox.exe
1076	firefox.exe
4472	firefox.exe
3812	firefox.exe
2592	firefox.exe
5376	firefox.exe
5300	firefox.exe
1584	firefox.exe
5332	firefox.exe
6032	firefox.exe
3604	firefox.exe
5240	firefox.exe
5896	firefox.exe
4600	firefox.exe
3536	firefox.exe
6284	firefox.exe
5892	firefox.exe
6804	firefox.exe
6944	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
3332	tor-browser-windows-x86_64-portable-13.5.3.exe
3332	tor-browser-windows-x86_64-portable-13.5.3.exe
3332	tor-browser-windows-x86_64-portable-13.5.3.exe
4992	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
1924	firefox.exe
1924	firefox.exe
1924	firefox.exe
1924	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
1340	firefox.exe
1340	firefox.exe
1340	firefox.exe
1340	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4216	firefox.exe
4216	firefox.exe
1832	firefox.exe
1832	firefox.exe
1832	firefox.exe
1832	firefox.exe
1832	firefox.exe
1832	firefox.exe
1076	firefox.exe
1076	firefox.exe
1076	firefox.exe
1076	firefox.exe
4472	firefox.exe
4472	firefox.exe
4472	firefox.exe
4472	firefox.exe
3812	firefox.exe
3812	firefox.exe
3812	firefox.exe
3812	firefox.exe
4472	firefox.exe
4472	firefox.exe
1076	firefox.exe
1076	firefox.exe
3812	firefox.exe
3812	firefox.exe
4812	firefox.exe
4812	firefox.exe
1340	firefox.exe
1340	firefox.exe
2592	firefox.exe
2592	firefox.exe
2592	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.3.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706609005041079"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 43 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.5.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	firefox.exe
Key created	\Registry\User\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\NotificationData	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe

NTFS ADS 5 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\malware pack.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MEMZ.zip:Zone.Identifier	firefox.exe
File opened for modification	C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.3.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\memz-trojan.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5056	chrome.exe
5056	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]
6644	[email protected]

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
856	OpenWith.exe
4420	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
2016	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
3088	OpenWith.exe
2084	AcroRd32.exe
2084	AcroRd32.exe
2084	AcroRd32.exe
2084	AcroRd32.exe
856	OpenWith.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
4420	OpenWith.exe
2016	firefox.exe
2768	OpenWith.exe
1740	OpenWith.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
2016	firefox.exe
1496	[email protected]
6644	[email protected]
5644	[email protected]
6172	[email protected]
1148	[email protected]
1316	[email protected]
6252	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 3136	5056	chrome.exe	80
PID 5056 wrote to memory of 3136	5056	chrome.exe	80
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 4560	5056	chrome.exe	81
PID 5056 wrote to memory of 576	5056	chrome.exe	82
PID 5056 wrote to memory of 576	5056	chrome.exe	82
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83
PID 5056 wrote to memory of 1224	5056	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb6dacc40,0x7ffcb6dacc4c,0x7ffcb6dacc58
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2808,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2788 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2852,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4272,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4280 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3168,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3308,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4856,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4376,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5036,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3316,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=736,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4044
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.3.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:3332
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4992
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Modifies registry class
      NTFS ADS
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.0.559683828\624271300" -parentBuildID 20240903073000 -prefsHandle 2272 -prefMapHandle 2340 -prefsLen 19245 -prefMapSize 240500 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {183e80b3-5659-4580-bc87-df978adc346b} 2016 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1924
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.1.1469985157\183518909" -childID 1 -isForBrowser -prefsHandle 2756 -prefMapHandle 2752 -prefsLen 20123 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bed227d8-53ab-4a55-ada0-48281ffa3107} 2016 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4216
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:ed5a9d0732d11562605d01d36b56168471ef37fcac0826d59bb332d792 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2016 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:396
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.2.1475820494\2058616365" -childID 2 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 20895 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {95f6a2b7-db05-4248-8db7-c6ebb031c4cf} 2016 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1340
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.3.964579206\534069718" -childID 3 -isForBrowser -prefsHandle 3472 -prefMapHandle 3144 -prefsLen 20972 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {632ef37e-419d-4f64-9244-137f3b296cb2} 2016 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4812
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.4.519056739\659243981" -parentBuildID 20240903073000 -prefsHandle 3452 -prefMapHandle 2944 -prefsLen 22964 -prefMapSize 240500 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {26b4d02a-db62-4c37-839a-af4880b0da8b} 2016 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1832
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.5.1610175541\9255573" -childID 4 -isForBrowser -prefsHandle 4044 -prefMapHandle 4040 -prefsLen 22264 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {63b174b8-fa55-448b-aa97-97bfb5b91ad2} 2016 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1076
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.6.356926479\1460716483" -childID 5 -isForBrowser -prefsHandle 4304 -prefMapHandle 4300 -prefsLen 22264 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {17e23e36-efcd-4263-8442-0c3df8daf059} 2016 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4472
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.7.1403995393\953679854" -childID 6 -isForBrowser -prefsHandle 4264 -prefMapHandle 4272 -prefsLen 22264 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d392b6ec-4745-4b6c-9a7c-e0f8afd59da2} 2016 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3812
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.8.1269906463\1041128768" -childID 7 -isForBrowser -prefsHandle 1684 -prefMapHandle 2220 -prefsLen 22951 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {635f6539-5640-4558-88c6-89ddc3609346} 2016 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2592
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.9.919425879\1580731345" -childID 8 -isForBrowser -prefsHandle 3636 -prefMapHandle 4540 -prefsLen 25193 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c75f3dcd-3970-454d-b403-e845c0ae5df9} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:5376
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.10.1915633460\2022651070" -childID 9 -isForBrowser -prefsHandle 3320 -prefMapHandle 4308 -prefsLen 23229 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3e7fba78-a69b-4720-97c8-e6d82154a044} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:5300
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.11.930795770\170370791" -childID 10 -isForBrowser -prefsHandle 3184 -prefMapHandle 5052 -prefsLen 23399 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {313f1522-6be6-4555-8b7f-3fac36b43128} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:1584
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.12.513159302\549980578" -childID 11 -isForBrowser -prefsHandle 1416 -prefMapHandle 1676 -prefsLen 23399 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a2813862-5ef4-4cc7-9ade-9bba5fe8fc1c} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:5332
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.13.298284911\1162261631" -parentBuildID 20240903073000 -sandboxingKind 1 -prefsHandle 5240 -prefMapHandle 5236 -prefsLen 25390 -prefMapSize 240500 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f00d65ac-570f-44f6-8171-fa2998a42393} 2016 utility
        5⤵
        Executes dropped EXE
        
        PID:6032
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.14.940901934\1943924786" -childID 12 -isForBrowser -prefsHandle 9316 -prefMapHandle 9328 -prefsLen 23399 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {595d83d2-5218-4237-9172-7b41e2c71efb} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:3604
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.15.1582729407\316760804" -childID 13 -isForBrowser -prefsHandle 4260 -prefMapHandle 4256 -prefsLen 23439 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d985a0ce-eec2-4c81-9b5c-b85f608c904a} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:5240
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.16.1866307872\1724202429" -childID 14 -isForBrowser -prefsHandle 4428 -prefMapHandle 4604 -prefsLen 23439 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {18e2cd5b-13c1-4ecb-a94d-d97d88b61bd3} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:5896
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.17.396041248\17895971" -childID 15 -isForBrowser -prefsHandle 8212 -prefMapHandle 8020 -prefsLen 23491 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {936e611b-82f5-4098-a276-b987e5b085f1} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:4600
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.18.1203161297\734871279" -childID 16 -isForBrowser -prefsHandle 9152 -prefMapHandle 7524 -prefsLen 23491 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {50aa4638-d862-4781-bcb7-a8ed9f66103d} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:3536
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.19.515244461\945442553" -childID 17 -isForBrowser -prefsHandle 8140 -prefMapHandle 7716 -prefsLen 23491 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c4ced091-91d7-4072-b04e-5de9c7ffeecb} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:6284
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.20.310455273\291691766" -childID 18 -isForBrowser -prefsHandle 7456 -prefMapHandle 7412 -prefsLen 23491 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b6af86cd-8671-4687-a843-5e1332f35154} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:5892
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.21.177876709\1169053781" -childID 19 -isForBrowser -prefsHandle 7172 -prefMapHandle 3232 -prefsLen 23491 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {708056c9-890e-4ab4-be6f-a01b3d5f0fe6} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:6804
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.22.1659348044\729782278" -childID 20 -isForBrowser -prefsHandle 7736 -prefMapHandle 7176 -prefsLen 23491 -prefMapSize 240500 -jsInitHandle 988 -jsInitLen 240916 -parentBuildID 20240903073000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {952b605b-93d5-4f47-910f-939eef25306e} 2016 tab
        5⤵
        Executes dropped EXE
        
        PID:6944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1012,i,14170317942307824726,4184021516631903606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4760

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3088
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\memz-trojan\MEMZ-master\NyanMBR\Makefile"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2084
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1212
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AB6A723BF050F38BF3FA78B0B5DBA16C --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2176
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=52CE557DA3DDC80D57E79F91631339D3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=52CE557DA3DDC80D57E79F91631339D3 --renderer-client-id=2 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:2996
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3D5AC56C6FB7C605B67F7BA77109CE47 --mojo-platform-channel-handle=2364 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2628
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D30ABDEE79D554EE3209A16AFDAEB85D --mojo-platform-channel-handle=2468 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2356
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FBAA7B202408FEB4872E15903916E962 --mojo-platform-channel-handle=1912 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:856

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1496
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6644
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5644
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6172
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1148
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1316
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6252
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:6636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\25317f11-6ebe-43db-bcaa-74b8d63a62b8.tmp

Filesize
9KB

MD5
6c5fe0a30e05cfa7dbee4912446de3d0

SHA1
3f271f1afbca7bc55202d5cb60944bde78dc1647

SHA256
5230249e8de101aa3501a0ce029d2c4673e472c6b725e06585eeee158640a62d

SHA512
adfa08d9ea21e6fd817437b3ea210d1e2db0b74e5c34529d88dd31b5ca9d9f4528b612c8cf8746c8b74cb798b733d917b264fa7ee8d85b2c3291b2b6d1f275a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\56ad80ec-2088-4d11-9829-e85b5449fa8f.tmp

Filesize
9KB

MD5
692913cc208309924a754388337041d7

SHA1
4c44c5b33133ee1b210634f88556db15f1e7e8a9

SHA256
655b2989b0b41fc7f45964cfde255ce5aac163ff8fa3dd191f3c8f7e4e636fe3

SHA512
cbe1a3d7b7f5c59a31aaadace7ed93b60a4f710e2dd37e3e1f063982f70303ab0745863023ca3d738bf82388f79b3878ca8cbfa5fbdfd5c5f73c38de361f5480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
abda1a3b3382ad83e1dc7f6f2e04b57b

SHA1
6de19ccd3cb476495f92510a5df3ccd2195c5d48

SHA256
936f1ddc7c490ae73e000d506c1dc8311aedb0519979e66237dc4390a1f29226

SHA512
4557add64de420509d754260a25784728eb807fb5fb14e28da05fa0c13744ba0c8ae9c66057b3b999192c5697d6da970d1a0b9d26ae31a5e9c1caa67fdf73039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
3a23282d95728dca1ca4227bd75a5f5e

SHA1
3d85fa9c9f3414deed965d89427dad74fea70f58

SHA256
92b45d42ba34641254126543cb995c68e0d84cba497514444f092b8dad48b99f

SHA512
4297df1afd7a671d22db4d7956d1b3791925dc79a60639dc13a064e707fd24aee2557703c80c09639252eda33aa5ca78f4bf69e7892abc0769aeee3b0476dd58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
961B

MD5
2010658bb4832a112329da5a75f591a3

SHA1
a8ffcd1b46a0a6be6e8e9e73af81678d2d282f1a

SHA256
11b5af501a1192a23e484ef61ff1c0b18dcc18945060f1c8ed0aaca9af4a48d2

SHA512
1c01739efb2d5efc992a2900a52a74abd6202080f1870a92e42135b999b706347d4d6160d6161d187cbbf200e08a9eba1562a73f6130480bb67fed5614cc13ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
7310dfac72a2b88670c08334db9ddff1

SHA1
d0d84747f3d3d454402671272a5861862ab8a94b

SHA256
be473b64bb9f3e845a8533708299bdbb79ba205a3253618b82e0d77bd7d40463

SHA512
6b034b328c817a6c38088c612c895c7274f37ecfd2a00742e4902771c168dd37de1ef2b4537255068c2498e7c5b4355edfa995d54ea360cd0fd42b4d8639bf4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
d0e62bf682d727c1ad58d971cd86bc3a

SHA1
96d624558ce8f1f4021a76ab3025c92f3346efa7

SHA256
39900a181653769dc545776501961f4b85f9102586717cb99861135782512c66

SHA512
dc837322d46db3860647db0d54374e632d99644ccafa68be707c5e4799e4dc03df54c2398f4c9030e45862509f29eb9bc9620ba75e3ce197aed79a6341d9d2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d190b7a5cb7790a8ebe18070467de055

SHA1
ee2e8f409f22ae07cdab213e7fc9d95055513bf8

SHA256
861ce1cdcaa66998d5eeb6ba3ba5ef3d96170c11046b02f85bf17a6ce8d08316

SHA512
34a58a595f33598564f156ace494bfbb639d8d087a1d1703005d76a56496657c7ad89d3a562dafb84d3ec9a1cab289ba2d3c21325b3581ea2c2589080bc3659e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6fbcd70805d75317c3c4e4b0e37e9abf

SHA1
b7bb7baef6f07a660099a72139c94b269dae41b9

SHA256
1fa2915333f13a4b0544140f4f003307ef369dc50091cf9ef49ae021c9fb77e7

SHA512
11f834eedb49341491190169999b358bd7af89e90ed64f3a990d7f6bdea4abd0bc78da6d43a0b2538931f5e28641d91b332f01923c44a73b5ebd946b6d07fe49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36e8655082596403261466e84e9a8c15

SHA1
8f50b007ca5802428b4597f369252c2f9a882a72

SHA256
51a958d2fd5e6aefc0fea3a34209e315aa66968a6773641cf5520580fcc9b18e

SHA512
cb180b60ac00ce8a4e565b7b8c37a7c4d8769b0499a55d4f8ba1a304d1debe878d9657f3adaa36e6caceccb9e5003779503e2e243b9ebbeda669a6c0530f2eba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea2b7d718cc5bac24733effb87e628ab

SHA1
ab7264fa1e26a9baf1681cb8b3e7111738a4552b

SHA256
f0bc9bd665d447b92efafcf1f419999220f7d177c2007539670b7a7b31777d76

SHA512
5eb093a9deae426cc7d760ad3524f906dd7889bd9d39ce562d35dfee9325add4f0aa2db3c136fd940f30cd631430818f9babf6b27b433ec9b5e4e5d2ff63524f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88df7bf6248b3873359734dfae2b8a78

SHA1
30522ee0a8db5d9b2b11107b0a81d7089a86eb1e

SHA256
91b05070fb26c4e923cbd573659ab9bd7d39ec297b8a03d32bea42facfd39286

SHA512
62725a30e6c875666d0175bb91f357d8a70568dfd99144491fc065224eb6ddda3bb5d6a63c50526d5878ca9bb94911c5411982ca8c299bb842a7ccfc02759500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54cee5e112a72f9575bd641e2f0a0339

SHA1
690409d7188d904822e35e26c6bda5f5f4be4a5e

SHA256
5f9ca2e1448f04aefb5f1361c7e7565e29d1f0703047378b0729de5f6c314ada

SHA512
04567c681d36200bc0d0dea7bf4bfcc66576d314f8bc3f142361b5cd57ab12f9de3f8906157008a0964a259e1d8017d61671af48c5a5ad3a3cbbc43aa0503e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ee2bd38e1308d214624eaf345944547

SHA1
27ef79c7191d3f46ed0b3b068675a2c10ddbecb8

SHA256
a883655efebff60215d4f52a7f6b32668f51d65b3399e9430ed7d6e088d3390a

SHA512
1e15aa97ad5663db70bfab5e3a4326fabe4da5bd9ad931e34c2f4963ab65c0cb54db26630dc5b309165d51d79c0c698b3f5d525dd488c54fb7f5fc4e9efad483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a403616fec9387859ab6db0ed37a72f9

SHA1
e0eed8435f825d3d8622b589ed6b92b922d2751a

SHA256
0cf74386d7686a209dcac180d9bf154bcbcba607a06583071a070347a0b9a1a7

SHA512
a239fa998ca49d42c92f8d72cf93bff7c3bb3739d958ac45aa6ac79b97cc1c2068e1103a984cf83c9b8effde99e22c5544f27dee9ece683b2f6f963bf0137afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06668217afa2de0016ded9a575f1f514

SHA1
edf63325002d82534a819939cf00bc9d1defd351

SHA256
e1f8a55a8a5cc13c05efe142b2e3410e16486e5599abd3c644cd04ba443b908d

SHA512
2bd79258fa945812e603aceb810e057b874dc013ee86f10684f99f0b8fdb90b22e5742d8b7460b6208b17f771e3e26733ea0becf5d4d908db8e2e9d73058d09f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77ca7eb242191333cd0a9816b8518ca3

SHA1
84806d824cea2e581b7d8df8e3daa13d189d9993

SHA256
db6ebcca70adac4fa5da064e324098df01afaf9fa21f41b6d7df88d40f2ead0f

SHA512
e95b55f4d969406859a54225e68b60c8fc1069093c70f679fb46ff61f1d94c7c7eaa9bbb0792e2329cefdc788185447bb63b84a6c72bc493e30815dd8e204980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b81e8e8efcce957b09a8f5b3ac897d78

SHA1
93b929a9d889ebe9a3abb54f81f93efefdc1db5b

SHA256
d79ebde59fce429a45396c2d61d0704f89f19d738ec18c6133857180c025cc5b

SHA512
5a3c9a4356a3fbda637c49a818db61876bea3a9aaa4f291ff2a7c1730b7e8a7e0be54915bac6326945ad3a91879b935ef4338cbf46777598fb3107b4a5220f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7569c12fd7a0efc3d3dd3b3f1257ca0d

SHA1
06c4d0ca7e20210933d702a28cc2bae38354abe0

SHA256
a69b92d56a4bea75fef16fafd5dabb121b0d169542cb748925e33f2a08bdd7e2

SHA512
a6812f594789238bf23ee1dec65f002b8e5fdb3f040c981843a1402c186260b951b37e13a60397e8f11b426e24a5be1705bdc32bea643cc1ca016711e2999a54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4dc8bb47897b4452c3c0eb3899a22020

SHA1
a7825d3761cfc03be30e58a44ae1aaeda826c676

SHA256
f2efac2a6edfe8c8fd6c9566d672f8ff3d877f2ffc0d1681d6bf2a5266f588ac

SHA512
4c854f61b063c33eac8fac8995c9407eb9a89ddc8c7c99266d2771ef6334b46ea241423086b9f117e9650d4d0030516628f2069b18c509e7c74fad62b9e9ada7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4df3cc9febba335beaa3f410cc2e18b

SHA1
c86e9c065c206be6520d10036a945e7c932e180a

SHA256
b394f7522d62ba32b5d1f676e5c6e3889a86cb0aad971c258a75faccf87b0a71

SHA512
c2bee5b6896e3b327123eeefb56247934059fd1e9be5984ad0c8ec749d476acac4e02c03578e11f1270567c7f97ee2def8d7517f4a9514434f76bd812d4344f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2f73851dc1e4f0c6ffb1895eb9fb94b

SHA1
66ab38bfca4dc8c6cf9441c5bf0fc7b473034d0e

SHA256
1a7f3c968dac8e88a45ff30d7fa56f389ffe841d0aa45fb3902e3fc6f14e85a4

SHA512
b258ab26d62e4722e8547a625470ad527558caba084b58604b16db8b78f34e4f3fcf8c3d95787e979b85ac209adbd4e32b03244d354f70130f2667fa7cbab149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0811d4ab6d1e719e4b30d410890c26fe

SHA1
353b3bbba466d077b0024d2bbd830686d0cbdef9

SHA256
d66fc8286b815a08c3e5aac090217fe912bc7b1be915745c9073c4b9b9ebff3f

SHA512
fcf3b35ea4c6f307a41e7b7876054f6dcaaac1687492811ee1fb47b36a02d374179e3a829373b3f4aad61a510eb76a589af97827fcd89bb8fe37b6063e9eaa0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95a27205c6b9590ac808d4a6ec2de337

SHA1
3f67a6092e3ef7a5b8ff94c8cf600e531d19a52b

SHA256
0ea73838ec0d3e386d3544694216ccfb4b58a53cf1be74815a76af509118833f

SHA512
bd91a53461ee2d9e845529778f46dfd416df637fe259dfaa9f6db1f09997fe2836116b3a54c16689a5f68e8949b49ca88eac00a0495bb8a0603228140075af0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f2a44a9371c8f8be655af58312fa240

SHA1
c79350a55716624e44ec9a6b79561c739ba4423e

SHA256
6cc0c22f18e7394c95ebad851146359570c3f9275a644021b03d0f6ae874e51f

SHA512
50d52a27346d1f17058da3f9294eeefa76d1c83ecd859f81ca296402db02efc020774b462a816f292430d96a90ad653a3ea92ba768ecded47fac9eb9e034b505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37090e0758f7ae3370793c029c1c9983

SHA1
74fa12f315f0dc9f0baf0473dc1fcc77cd6d39dc

SHA256
59a716e3047a50327706d4549ca56cba93af387b745f65548fe49defac61b822

SHA512
d074fc4df3e50a4e063c4043f43b05dabab2edab7c2a1bc2567dd56533ab0e2abbaa0b459e7d720de51a5dd7e8f7ce8c5fbb0cf9d054787b4f5616ae8c95b3c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87b96eacae94a954db1b7211b708c8a9

SHA1
6242720e0c42f75042155470eb2c481e137e8619

SHA256
02fddead9ee8fd4a64a052be753b10b630c0a6436aa26f4f093525467cb9e591

SHA512
5d83a260de8d663c458805519abd137b4b8edc26b64ca142a04ef2306ab2a95bc7a68a9dc24c6c536df5d8491a40851a0cbd6060cd42fb2759b6d76139a0dcc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9840389d1805b3a2c56f39e015e7008

SHA1
cfad2e6946fdb7626bb79110938912c5cc60e9e2

SHA256
c72666d8b0e29100e38925f7fa69f5293971eeb38fe87e822ed335daa0032199

SHA512
6d60a53fcda9b038c0d81d83c457c93b66755940ca32811f3109a4147bda92e3ca3454f5b4fe66e9d3ad147b65e5c3d629d6a5799e4be664d11276f9316873a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f0612acfb5af9f2bc7b5bfc9ad11aed

SHA1
10ee70b158d43be174502afff3efde5c2a570f0f

SHA256
9cd975ee36323882b87f41b4a16db55b2233dd9bf71d83029312c7e812a1e3c2

SHA512
dad3c590fd5b4c22c8605d65dd5bda11494f980802327f3d2bd25c060b8f1f86a922ea1c0f98ce897848453c6c0012abfba2c4e7b0fa9ac4582eb42a0c2d349b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f0e83589bc32b9bb6565202f4f3dcd48

SHA1
1c288191beb30088c5022ec0454685e869db7f9c

SHA256
8ae3df7100bcf9cc1d0dce68b7b54d518ec91651d2106e353cc6d1a9c3e85e2d

SHA512
1be5d1e5b8b2707e687ad57997e0e6311c77d4494eb3a50fc2a348eb58ee16f528d36b2ca5df66031c10c27035e818d585881abc859f2df2c27dde01207e7cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b798ceffc5bf7946fe3d5e1087bd35b

SHA1
b7208d68ec44c12e464fc34cf70765ba183259fc

SHA256
18d008f70d7c7b16ad52d0e592a3129f92295332e6102257f3bf4cfb6694f1bf

SHA512
34b3bc3887ec4260c7a57bf4136591a6dc719825bf185b61b96d2074ac09453f98c629ca8c82206d65aa59450c58da23cf51b2ff10c257af309f9cc11cc0bd9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71fb99d5693fcffe42fabd9223d33da3

SHA1
172ca866bb104b1c139c5d25841bd7f5da12e410

SHA256
9fa9a8555d9845833d968e9aeb4435c920c5c573521e9448069c10c79b0173e0

SHA512
ff4e788d9e55be6ec9c607fe2bf7246c24f0540feac1e40d2592a8d79dd98a1cc4bd1b128950be41939e3e9e93631fc1c31cd108995e763e92f0da6ff4ee26dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3eb26c37087da23c9de248c5b9e9a110

SHA1
d5a385b630e49a00899ce06ef4c657d5ffb3df95

SHA256
eeb609e690d8db2dadce14a29ad175f9818873bf89a78851d553c701f1a0bf9c

SHA512
f6a3faa2c3297e3eb3f6a6c59ff5c63cb42bc52e88e9de22a24e8fc87948947c1aec2d27d6f61fc7888994823e82935ec528eff055a91ee85cf1fae273ef8c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2beefac51f4157eb61040d0cc1182982

SHA1
efb0c73f62c17e401d649309ed734c0e652f860c

SHA256
73aac11c4b92c6201ac67896901f9d7aad91adc3d356e9a4b1ac4c3ff55c19ba

SHA512
c81b94dd6bcd4b1642780008337577119e64b965b55db690094c3764fb81b355d12677963e7ed7ccbe6d5905d8854300c065a1e3d5c0cf1dad04ba8e816887a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
85d8958b29ca478cdfd053e009373340

SHA1
b4185c45da74815a383539def4ab9613426d8759

SHA256
650ee9c98583d2a56bbdcfb0c8d8524b8499914ffeebab717fb0367278fee7c9

SHA512
83f6cbad98d907a54267c3f0a88dfe3f5043afe25fb300405c91c176ee024f864d8175cec8e58e1c9848fb176d769005cc1ebff02eb2d6de26ae9bc355a56e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
800dd97ac7d5d6fef13e0d9103dd57af

SHA1
3d334e44dde3631bfd064a9518306ae2b60bfd37

SHA256
3119c2f9221115b8a20c0b27cf77feba34165967d0985e798b6301ea16353500

SHA512
6ce3dbef60c5049ae582627409074d03627de3b9123031b731e8bce3e7ce3023d30f92ac52c335ca52d9ba291cde1630dedf13fd85a15fb282cc0681d98aedac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63216fb5f0dbc7a21e94505e29dc5f2e

SHA1
cac8466de9f17364e89f4f49094565b0839a7a49

SHA256
577e01cf489c8d9eae8491e8e7839e4d525e09831d851e23176672d80333bd37

SHA512
08ec6cb8250a74108eb3bf795fd129c582149ae78fad292ba4cede60df6afa3cd622d8f6bcf5442ab48d38716db67118834842c28897f28b9bcf56371791120c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e033d73d7cd834d9fb12e8ec547859be

SHA1
efdd01d49ed80c0dccf4947ac880c726069b95ae

SHA256
fa59ba6861a031a3545cfbd9522fd5f2d1b68dab0ffc88617f15de44ff68945c

SHA512
1acb358b3f7fac781574f11b81b98744de09885d4fda60d53375d4ae9efee17039085f83ca32174d857174ce0453341a52a37ea7e25174a3fe12b8c37f09135f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
950cfa008527fb8b0d36663900d4b40d

SHA1
241d94675f7a887b2d916ab3e40a64b8d154fffb

SHA256
628926ccfe09a7aa68337725f3ab4fce17600cec4cb6294469913fb03a1b522d

SHA512
04a489c72300b12c88dbc9143c35adb9799d679a9f1b5391ea33510839e4d1844604ba75f1e6e3d2a515d4d07f3a82bd7a0bef0496db036360e4402d992bf706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3225e8d4f9d718c6007a0e43ac0a1413

SHA1
f4688efd3291e4523dde08b8c6838a41cd0de1ec

SHA256
99e23b79e5cd926e8b3097100614dcfe3a1930d35e523bea55fda17004ac5cdc

SHA512
b352019a0d7a8e4a1579492c1e52bca65cd24c67aaf22539bf1032cecad64eff31dccc958c5c8bc3bab3931337d27929af3e478663583ab47615cbef87922d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4e7c800845ec9d5cd8b0096512f0e62

SHA1
9449edd4c12671ab5f7a41c7d30a770a958090d2

SHA256
b6d771cd8dd4bd000b9d45844e4d858eb0daf76a25b9acbdbab4ed141afe923a

SHA512
4895014e99f69deeda4fb64c856392ce5f1761473b5f159224bccba3dc1bb2068ffbbad8a71b9a4ab14da98479be17bd38992ac54d003a4c25059fdc69feaadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b1f72dc6173d584b33dd38b309c9c44

SHA1
07c8a0efa39975c4c666b6426f0062b16c5269c9

SHA256
0f55542435ae167113ba39dbd32a7de81d078e665dfa4bf13171a8d08fee0d12

SHA512
e44bd051b8f3b71c2c4542088461f8dbb4eec2c5638edd1e7cc795c286b71330c8e17a029b551c5236256aa53909ea674fc9e6813bcd245c5a4fa685fb781741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
701a3fa2f53a4d385f70cfac1497d7b8

SHA1
a856c432998841b6e385efcdea95877d22c7e297

SHA256
755bf68bc2e1443d05f892add502b9da15d24e45282c6d256a007bf4dadc4494

SHA512
bb87ac5d90f17a7f4224c0678da6fcf81736e2eea5d91e9eb6b38bfd20cea5a1044d661f70649ebcd2d641945f210ab23a40ccc638fdd73b6749d33df0bb134e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
626ad3c5e57bb611ef83f99958f8c8c2

SHA1
92e6543eeaeb1046f5d23080f1159162533e7f53

SHA256
70b852a6676e1a4115c3f724452515ce48fb62c27f64540598fc71edcb2038bd

SHA512
1f2dd9a68cdcdfd2278f8c7a2f49f859397ec453fb7c1321e83490b5c8d62e4096f79e86a767dcbd2074125741a934f408863e96eebf8a0f926e2a3683b3d58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87ed8850cb3b31cd7a9b94c8b087c0e9

SHA1
6623b3b25c9d2ece3824ca562666f014ba524ba7

SHA256
34d0d28b12c3d1ffb9cec8587763d5f21bc2fdaf2efe7751032274b45c53e46a

SHA512
a89c30f58e63e3888e77c12400dfc8d56f3699c6448ab0c4e3df8a80951069fb83a1f6d83e5297fb1e7ee52f627c4bccc824231d0547386d0bfbad4894a3d848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fb4c95639d7145c6321648f90e0d88b

SHA1
0dfb87300e347a22afc2e43f2f4403a15cab0b5e

SHA256
f2c32e4ec26fea8b395818676db102f63c81f36bc8935a00efadad982523d85f

SHA512
4e521d82ddbff9826c663883528d446a1450fd4dad0569d1a9df7a91f6e170019d9d302ae08c8d4fa913bc62f4691eb2441bc48764afde6631080f6e8d2443fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
341dde3c3c80619303f686ffb9d8b914

SHA1
8167d1a9e57eb55596fb3286f4314517f7cf67b6

SHA256
a1477cd22813f2da6f179745ab77f398d09a9a991b335778a6ed1257194948b3

SHA512
da7f5c39ca81a9630fc60ffd92fe1f5a6f717ebbab7a693893dffe0c7ecb9581e30ce2fbc1cb5987a0c15e4fd52b73ef828d7e50d2e12347702a731cd0212844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0dafa2445429320e081cd056c68ad157

SHA1
92317ee24ba39569afa986fd1e0d18af5ce4a869

SHA256
81f374b520b7422eb4ebb20d2b5e1180cd4ce0376cfb7e96e6f51a36f993a65d

SHA512
4c719591b8e2e21e77006ede48d7b60f746fd6e408c3e503c232f652f92b4a0aedfb0ad82c7c6cec3b6f476f3fa6ed9c73c78eece536253079dd28a03b85660a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9dd899972112a79bafb000219788a0bb

SHA1
31dbfc7c4804d184c94bffbeb5ae4ec8f59bb337

SHA256
6c0fe6e58e6ce2c5aa0b9fdccc1f783bbccfa61e7465459c9a2850b12437cb1e

SHA512
18943f0356ec3430d8699ecbd737d41c56e185f2743643e4c0724bb25d2d569e1d8fc67aee3a1d8c3219ce35d22dc9fa71d53303912f9e30838ae0e86378113d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b73a25859d59993902a42d175c7e29f

SHA1
a98e8e26d36a9627e7ee0c1be1f47a5c92080c02

SHA256
e08e413d8e2402c167773b3958efee97fb37f9c002d19022cc594c3cb5546d9f

SHA512
8bff11a3c11f2fee3dbec22783b365e1179369de12d0de7898ac340694bb59c437aab8cb3254cf61ab2e6de1c0b604184521f51e659666713da3e35e45f43a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad317d1da3bf1d6c3e2fd895d98c6838

SHA1
9eff80be0a11b88dd874eb0f5ef45e44d75ada7e

SHA256
bed5b304a106c0bc6603e103cc360a480e76cffc77443c8b68d3e531069463b2

SHA512
f82c88598881b412b1c191d3b55cd2eb5a02ffa7fd771884b78280e16bfce5862500a4edd25b700f084c4ef6f1258bd84efb306aedafb8a59a87721b6d6edc25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f77f0624790d660f98a2d9c12a67c25e

SHA1
3e30d119eeb012cc666364bcbf121fd195dd3d0d

SHA256
4d32791dbe47913f8aefff570138cb1750154fb7403aa1f559fcfd345716d154

SHA512
a13f16bfd5ad47c45861393cc9116f32268a0ccc72f3932c4f03570b01aeff748bf968780e66fa0e53f71015db69444dfe12da7f97ce11cd1f4e89321f6608af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb15119ac71400bcedb3aac15cb81d34

SHA1
b692ff400e291863760f92904d215561e9a8d138

SHA256
45210a83e1d1ad9dfd6b28889cfaa88ce1b054d2e8d6df236881ad7951ac54b8

SHA512
06cda205eabdcc0c310a3ce4f6f7c6061e48c980c384f29460d3000b089115278570ca65ecac12bae664fdf8d55d30bb21f0457ebffd9b6aa816df279643afb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8f0c7249ca63b685e943d0e22793b90

SHA1
dd1417821db8a8fbcee95dd198fa76b1c2b7e8a5

SHA256
b806da35ab25f287ef0794ee221858c5cdec92fd9180f9827ba9c881a930ba00

SHA512
a8a930c00a18623bb1020e62cb76ec0bfc14f3850cba1ceff590d3a8d4ef51af4ca5971286255d927ada36ac6db5394d2a57f0386290f45592ef4ce91df60538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b78ecbc1a6fce5e490f4bfe6137f8c68

SHA1
005824b115356536c90ef1d6ab178f9099860c1d

SHA256
dfec6ebc2227bf0236713a0f410abbc4112fb635e083bec6f4bd81036abf0e42

SHA512
1efdaf180554c52757484bcbc27e9deb55a0928b71eaaa76b4a80400350ebc608baa39002ae8d9c98a46f7da31c2c593a6442e84e69e3ccc86a5fa120af87232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b885a8b4944ba7e22ce0dec2ec4ee45

SHA1
685fac2da0f30f12af69ae4139a4b233021d0c33

SHA256
7945597eb12b08c11d92bda9d4383525d100cd35ae1e92961aac63ef2e9b7f18

SHA512
f0bc5e6c7f68b7b0c076c143eb6e11508737739a43d4ad9351880d75426f5a18d1c4054bd827ddd635ef766783a2d5f003b7ce11fd20fe81cb9eefb701ba14c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cdbb7299a1dce756ce1131ba02f2fd78

SHA1
02920679ff4a34da1b40e297821676650bd6be75

SHA256
7448453cc1453a1972559737209bb4a3ff407a31b763d86516fb55b7737f753e

SHA512
f4dde00f2865cc32ff35da2f5ccdd07d3cb28313fa82ed1b28c3b52709f4145e7ee1f1b30b432d2de3c5499fadfddf8f27d1ac3dc914063dda5bf13fce69702e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27f079b635970117492acb53dc77f097

SHA1
9c16f2cf83fa66361d64bdf5fe50f6cb523b71ba

SHA256
94b0d966c7a28929e8b72fed2be932e5f4ad775de2aac82fc7f68f5ba49b27a4

SHA512
9e25d12732103351526380240cc2cb6b07b96cd3aac04841448af54069992904ce5c540be7a46684e6e8c364dabe09f147a6f58759f72636d296c0663f9fc1ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a71201cb2665990f8fc550e7c8ef8ad9

SHA1
e515807e438d936579938c4c7df110df17e8b2ce

SHA256
7f42113e4590b92566632cbac441cf8a88e520e5382c58e14c993521300849d2

SHA512
3b69c6948c07f1a82c45d07830131d4bb97d054af97b066fa1438159a177456513b80e58011d9a42600adcda6873361e28214a8bab4a54eada9a2c2d0baa2faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13912e176a744205a4011ba716c2d440

SHA1
29c1752ebf1df1e54c5c7333d6972f2b0d2b9bee

SHA256
3b1568e23b06d921db429cc4effc554b9f4426437440fd0fb6531ee2ba47630b

SHA512
4952a1dfcf0de7dbd2233d7f06c7c7e7fb500c950904787eda3f8eb4e8d65b7a495f1ef44410adcf0a9406aa6e64b1dfabe313818deb038bd1e654096b6ac531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc971f412fdc0b60574fdac990aa8d7c

SHA1
e95dfe569ddebed3ec6b032a2d29c32842ac2a74

SHA256
54a4aed724e568a0b2b87e884df14215f8236444b76deb80d62c8f6283f8eff7

SHA512
031dda0cbef602819c3f6e42916fc4e9633af149503b7675eeaae1a877dad26dd369d71c3dd8947dd0ed31e7104c094e956b0bcdce8fb7f7b0cdb3e55cedf0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c1c1958c8bc72269be7402b829056e43

SHA1
e890971f6e04aea2e2841bac243708fe7e61a153

SHA256
492679f9a552b2b8ae260c871e384cc7da40d67e412482c05929bbb16490a579

SHA512
fd365fdaf1e7cc46544b55a770a7cec1d4806c08e0c3d9e4e6f7dc5a3ba163ad6820222a9a1280a0b41ac2787286950c38f93421817f4d468ce0d18c1431f8ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7d98c7e9f0812139789fd2f3980e31e

SHA1
26b88aca0e2dcb9722fcfcb4aab930c84f1b0ac2

SHA256
231e2f16679e2a07c490272091fe88431e9a806ee9352b11944a8ba884199b8a

SHA512
3cd9a01e65186b62639fbd798ca228009f37dae3557c455551e7c925a19d2a63573a394132acb63793bf397dbd78addf2100ca0124995da4c9d81e18e698a1f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95d158010d343df04c0751b7dfb4d203

SHA1
1a3142c317356d997b0fc279d370142bc62dd963

SHA256
223650fa6ccc8c488bcbdd3011c8bb44cf624b383c5182e86e9f524747586fff

SHA512
68dc3639d39478453ff1158921f41e6225d959dc34d1f0d9dc3e5c1f07897c2dcdd154037592425b0e996a68a4aa0fe47abc03334f568d5de19f42dab271dff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c9993872c44f0f66c81db61ed0b88d9

SHA1
28638c2a300e6817920d77dab9f76d7a7bd4030e

SHA256
926b8d9734eacb1d55ecbcb6802039d9014e792da1738c11fa02ab6f34b19165

SHA512
6cf3dafee6e2e18cb6f6dd683eacaf1b74005f827b37eed8d98a5c8a9508b5a763daccba06017b78950f2afa1f881d2ea823482627d0480ee01f85b11b6dbb88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
802e777add8a373e48147b455fe9d824

SHA1
f7af57a934a587a32cc450cc8b1ffcbeba3f840e

SHA256
79414e4e9ad3a55248faa838d0059262b6ae5cd82228e98ec257f1615af33089

SHA512
bf85067a5a69c60021c685ff75532517e3bdc697968578a055a01285f4e7456c2bc7459a1e7fefc77ac04922e1b2de974d676f342883d271dbc3ebda384b9332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
828bccd653d5f4a82ceda765ba39f568

SHA1
9d1808b431dcdf070b4640ca12e2659753a37764

SHA256
f4cbeea94bdfc2d9a617b617bb5814269cd7810791736ca03c90106f775763c0

SHA512
a132e1fe11ab8b1b49814db7dd9d7248151c27e563033bf2985ceb803382209be52632f1383aa0e74eafafc438837d03962536c2c1d7609fd33bd00bbccbbc4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f59d31a5c4bbcf5102c7dbc3478385f

SHA1
5ab3947ef422aedaf195b054e2c7cdb47e360f64

SHA256
cb3305ec3dfe839d83ea4ad556bbf4c781f925d56cba7605f8e590e5fe0bdc68

SHA512
fbded658d7b2265daf8d5537cdd17921fd93da16f825e026c57bb5e3c71a51a59ae7e80a68a492942d9c3ce51296adc4ce7493090068370acbdcd615f9e566b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
202d0d0d1a6bd95230c5bea0c5dbb415

SHA1
b0cb7a038a3d934968108c828b30d7ba5f44b158

SHA256
750547b1b19210006a79582c8c30f2a4c17e6994b9d377625a7c2be93b2a2528

SHA512
e8b73c4d61219941207cca8924b3af1f64d14a0617bcc8e56dc9ead532e384e69bae4d34dae33720e3be3a886105fab090b738a8854790cc202598dec02fa96d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b390b08b6ba0f9287e3bed0dab62c4b

SHA1
b531fdc7b629fa287f36c3f1e477759f0251ef5e

SHA256
94b78deac6a045063021d4f0e2b35ac105e0e7fa4f7a983d738bb75963a450d2

SHA512
94b17975040239d3790abc713528be9e228361cc24aaee2f50500880934484dfa2a04047660276ae3c8279ed5064fa0720998eb9a32f64014156aa0b152dc312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83b49838b77d1113e721e5061bc513ad

SHA1
9dc010cb606f4087248dd828569e3774a45105ca

SHA256
721103646f0ec641ea68aac95974f29ab90328102cb1479ee9b0608ee3ec23b4

SHA512
0bb8270549d4f4a5b90e441c52b73df4f2946be0fa0f0d9f1e94a6a68b5970d9dabd15f3df0a3de21473dbe25c39bb4e749ac6220f869ff60c49017f8c53e58b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
188b43978be11da1eda2f521a18712d1

SHA1
c0a8fee7a760dfe164f803d63115b90a14e75736

SHA256
2e4022d712b0c9bc6fc92d26b5c6fe38553ca9c20cba3c9fd2d0ebe9eb20c7bb

SHA512
9d370a6e8fd19626995bcaf5ef1ff6e698c9935cfcbbcd6ab9c0b85b377cc2736f3516497171d2044ec16c07813f289bbc27dc92bf2713b131a887902334174f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a91a04712deb96424b889160c0fdbd6d

SHA1
84314513f92da7003626ef26b52465e3fad6cd6a

SHA256
a845851d89b2b205fdcdcc317b33db66ae7adf3c1933912650a0fac28a502df2

SHA512
008198c604f82b6885f154abeb6e976c6c489ae4a1a11c9288a2acb718d6e1a26467bd852a779a41bd4d424ee0c138a68c7ef8212c68ac59bf081074e1c038a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70d35b2dd36d6cedec980530b6919b44

SHA1
3b596e48f55d21126e249b854e33aa7bf80ba912

SHA256
c69d6d7a2b4a81b63759277964c60d6f0cdb042a04d6e14fe9444c567cda27f2

SHA512
c38f0c10e9477011aed3702fbb16ebc6e92eacf5ce6b1c64a3c4c93c47a689522fe579acddbb8423fd046465bbeb5a21f8ff67637f7ebec4c5706f618cb39311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
104b4b93855d93b6ae40eec9616d9c74

SHA1
774fcc4826788fe8e1647331677ddf2afe9123c4

SHA256
e659c91fb897daa6af0ad67414e42622a92034c57214b48e7ea505668e644231

SHA512
7682044d882a7632092e6766fa5acce171e7b85efcb932d8c96c52bf13cfead9b81f22584f60ed84d5200e4152068a2ada0e9fed233c7999a9d49d3d30a382ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ff69f1a14807091c86132cba5cc39ef2

SHA1
ce6127172e6937f36a1ab4dcb61c9abc547310a7

SHA256
dfa5c72b62531c3fe76668ec4581d7f7c9055ae0d7ad3c25b0f5fe61be0c08bd

SHA512
d4ef4c608a981b4d6185676bc6c93b58e3915b78a961499f161c3314292bbc585af99d619ea5dd3b42ceb73133eee8ed545d69b3a2a36fbd608ac1611d9f41b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\T863FehM.zip.part

Filesize
47KB

MD5
c31e52bf196d6936910fa3dff6b6031e

SHA1
405a89972d416d292b247fd70bbc080c3003b5e6

SHA256
8b47e773a782361209f8adacc8d6aeefb595e1c13ae6813df7de01c20a15c91e

SHA512
a5335c7d3beafdefa6cb1a459736615ca0151fa2e64dafb78de65aa4b924068ad0dc55c70a5317be19edeb899f94ea02e2e54279933b87828ebe86ef95f13291

Download Submit
C:\Users\Admin\AppData\Local\Temp\UJhKRyre.zip.part

Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\i2C8nj9h.zip.part

Filesize
8KB

MD5
69977a5d1c648976d47b69ea3aa8fcaa

SHA1
4630cc15000c0d3149350b9ecda6cfc8f402938a

SHA256
61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc

SHA512
ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB38E.tmp\LangDLL.dll

Filesize
7KB

MD5
d02e216c527f97b5cd320770cbe03a0d

SHA1
76a0bea3650c393341e240231cf999d11a3d8eb8

SHA256
cda679d62e2852d900f412239e7c01a64a928db6c0cc03b8fa0c1eabdfe815c4

SHA512
39d99ea0045e332f197f0d6430a71adaeaccd1c8e1028ad997ffa5527e5a0fe5dbdda62e02329ae1824abad43eedd64dbfb05a1e8e19010745bfe8d53e83d990

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB38E.tmp\System.dll

Filesize
24KB

MD5
62a6f7756aabaeafe2eaa8a1b19eeb99

SHA1
24b7ec2cf0712f03911fad6b7ccf933e0879fe5b

SHA256
4c4d8324fc74a61ed5477b6602fecd1f404f524e6c17c6d7a0b682f8521a29d7

SHA512
7d30a35811f4dc5e3c4714224ac2b143d17f6a1de744db230b3a74409c6705233831e340b13d468c612b9e924cf69a62a15164e601e62609c98a46cf4ec0562f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB38E.tmp\nsDialogs.dll

Filesize
13KB

MD5
6cac9c4cbadc065beeebe16e57279a9a

SHA1
26bcac80ab11c56d8d9de74a85ef2314044f96ca

SHA256
f33b3bfbb97fedfe2d77ebb894c7db5c32b8905bedab6c58248108021cf96bdb

SHA512
854b505ca4d17127fafabc8e4d903e097b6e77d4adcb2873185333a7fac68d6e903b2e8f3ce0df639ec3c44feb3666489405ee74d49f512700ab86cec4bc9e44

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp-tgy.xpi

Filesize
941KB

MD5
3adefb1f9c87ecb69fb82c894f2d72af

SHA1
b1461712ab49a90c5c15b5166c85a36965d5fffc

SHA256
5e9921599c63e0b357851ea7ca1354554b3af2c676bbbfff5687cafce4396c18

SHA512
198f9c7096b45f20794d0dfb23c5f8c6206bf2b73a396ea1f2a49a8d61d1bff96b4b0d0df954909674231db9b854c98732d151cd9b34905f7d13c8d162cbd6d2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
7f59094d6be7cf85a69af66c90dbc226

SHA1
70307d927e137dd12fe34e5e9150efd6935e010e

SHA256
fc5d3eb52def4f68b9f8485b264a47d3319b7f186bec9d5db1f8193e25372d9a

SHA512
64aa3cb5500215d5f56f27377bf03985bddb3f4f1c16e920b7147a996189444ff3aace4c4ac6f79dc935d861419975e2442b68f57c7ea978370cde6b59ff1293

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
f84aef74fb30cc957e00d7f8628f2d1a

SHA1
d586476bd225c0c9c5772cc15f72eca4309aba25

SHA256
66b7692e3eda14ec47924928bfec48243bfde65089ab433fca9ed3efe2d46343

SHA512
ee8f91e44b24df8d8399ecca2d5cc59572981191af3f1594230922c478821a31b294a53616591030dc31496f15feb90be6fef11595c140e30bebcab9bc62557f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
6d41b0eef7274acdc48ee99e691992f6

SHA1
c6feeeab1a11ee43c7931925fd295cdb60aabc08

SHA256
df1fd20bf7a2c22be3cd56a5bd988829abced7c4022294233de85d1aafd1fb28

SHA512
b218d54673be9e4c7d1d5edfd07fd7066f3e37cc2b5460d32eb13a25d255aad874f58560abb1701ba8bf8673fda61cc83363200ae79944363faf11152a41a438

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
6KB

MD5
4934f92e4f418fb148b70132ca8cb2be

SHA1
3d17060f6a8bae4acb0e708d12ac2ddf29fd5af3

SHA256
0c744e1a554b0af1f7a5e1c77ebe97fd98252e25bedf2e23fbb2b46db6c09a5a

SHA512
245d48c2f5a8e003826d7c3607181f2eed59d3cc77373eb66288e1007636d45608eca1a4e23d8dcb089f3594682d67138fc9d93f62b957f7a49a70c25177248d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
19e0d301e1730ff447945abfb1820603

SHA1
08ee051f43082deba3517065cd2aef02eabcf112

SHA256
9788ceb0a30e9d59e3bc4dd4fde53c8194b362e5e483788ace34db657c011f5c

SHA512
ddceaa985f8812253f209f5280dcd06cc40aeaf2241a48e06d2ee85c8da81aa1a2185941264e8c92c5e3f6fdcce8526ab158d4545adf70f988e57830f8b74a3b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
867B

MD5
0bff4d128937441539f107181952c015

SHA1
9ab4dec525f95037ee77e5fbdd95abaa529e4db6

SHA256
c18ac3cab80c493c52cfc9244f5075c5085db56b985e89f154ea87c6d31924ae

SHA512
c65dad9208e07eb1ba7b65c8fbb480878c2f00c86affc1afcad3a9c01db38d83162ef0d45b7b6ec38e96f70600b1345fb06c1fd4de9244bcf8e7449b3271d5bd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
48KB

MD5
5656983c850592f272b3f2a7e9ea54a4

SHA1
30b3585c117fe9273aa3b8b2ee5faa8670926c47

SHA256
3d4ac50bb6cf6d89bbd2e367ed570ad03a0639581c5e9bbcdf8bf3a6028afd08

SHA512
dac48fc2ba5fe8f6bbc0ba50515567f8653e284a8976958a9ec24eef2dcbe205f63db0649b9a171354961b0dbd5d191300cc56180f373b4fd4ea7b76f227b62f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus

Filesize
2.7MB

MD5
7f01228908ff829b9c43e9f40294e38b

SHA1
8dcbc95d4fd2e8865e848dacfa3395499f2a583c

SHA256
3be775d2ce626a2b34282c376ad62225e2da878412dd9e23ff63050ec446acb3

SHA512
eba263abbc5e97e1973327b3726b121b0761b4065ddcf79a4d6d829aa91cc46f026099566b3ff65ba17b2e63d095709c9ea5c89dc5b1a6f824081c3abda90c0a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
6.3MB

MD5
59b415d35f7b390892a3b5df84ec8929

SHA1
384b206ccb69b0962d6d8c167d72e2386193bb95

SHA256
90cc4e0416a1b39eb6754ae26d7feac75cf1c1cb5c1b57f29ccba92c74ea6503

SHA512
dcb9b1c17e220001da2946cf2505bf65b4305e9b038730468d48a6244c4493aaf5344d5e2538de23378282ce91b4ec0758642be1e1c6e4be5476acc8831c88f9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
24.9MB

MD5
34dd09bb415552f3f8f0f5a442decd62

SHA1
4750a36b7cd0a2a882843358c3cfa2ca67d23283

SHA256
220dde83cba0e31ddb203c625b883a03c1c0fc57094ff290baa94e70c89d6308

SHA512
400c4da0a2b9f486be3f6806f13153e7585ac5510811c4d587526abf6c0c33065e52678151205896878b7e916717cf4551706314a1445acd48e861464698e982

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
934KB

MD5
660c5631a0b6381f3c11327c9e37867a

SHA1
dc2a4b88c1a84536657662892bab9e8ee5f42d63

SHA256
a448e4c2e0eb7ca5fb1b6d3189bc586b91a7ee6facecdd0424f1bfbf2b3016fb

SHA512
17df941f337a2908dfa79f6fa255f5d6c96035476238b6852dba8c5b14b3d7368a885f0fceef4e923c7720cee3221ecb4ffb19695520bec809c2fbf6939aed1c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.8MB

MD5
3adb2f762f2f1767e5d4af55b59d3e32

SHA1
89b4c3981961a02d824205d1e577fa178416fb4c

SHA256
578257ed4baa0b9438fdcf596d2b5a79f64b81f9985ddb066b6ddce72e50b996

SHA512
42a6adc1000eb1441725dcec200117f311339b3e62c2370cdf7ed4b7ace384259fd2505286543e6eef527e08787c3ff62e73fc35145d2f8bd62d672ebbaba0dc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
297B

MD5
793eae5fb25086c0e169081b6034a053

SHA1
3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

SHA256
14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

SHA512
5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
225KB

MD5
27dfbbe8ee4015763e3c51d73474e94a

SHA1
4328cdc9a3f9c6b7df0624c81afbd3459f213e40

SHA256
b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e

SHA512
42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

Filesize
589KB

MD5
e782457ebb0389715abdf5a9e20b3234

SHA1
e0d9ad78d1972d056d015452ed8dee529e8bb24b

SHA256
0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461

SHA512
3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

Filesize
91KB

MD5
ac01114123630edca1bd86dc859c65e7

SHA1
f7e68b5f5e52814121077d40a845a90214b29d41

SHA256
1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

SHA512
1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

Filesize
128KB

MD5
12764d72c2cee67144991a62e8e0d1c5

SHA1
f61be58fea99ad23ef720fbc189673a6e3fd6a64

SHA256
194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d

SHA512
fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

Filesize
224KB

MD5
f0b22427c3ddce97435c84ce50239878

SHA1
a4a61de819c79dc743df4c5b152382f7e2e7168d

SHA256
0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084

SHA512
ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

Filesize
7KB

MD5
778376d22591a4a98bf83ac555ddf413

SHA1
608172ca18450b4cc61ff6cc155f66cff55c5bf9

SHA256
8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53

SHA512
e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

Filesize
21KB

MD5
9390ee64243e5335b79e33e5e8311341

SHA1
c8d4b3ab79f6b12311eb4e4da29e709e583b5870

SHA256
cff9f0e51e7f1d95934cac31d9ad43ba453ee308c7b46a27803dc7e2e6c3adef

SHA512
ad7b23dab247c5c71298c5023bc58bd1d00160145558d86ab75dd37de1f1017540bac544cd9bf1cb2802d19d2973c0cf189d05a980777de886ffb552ae923bc0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

Filesize
198KB

MD5
7b5138efef2c02dda9cfae9917cd913f

SHA1
b44b58f354c4a68e119df226f01ad763b2d1025c

SHA256
9f8b4dd091f19b111d24ea18daae81bea8684cc67de17ea1acd797e144bf20ba

SHA512
47e4cfd2218c91080fc4ccc3ac13dabe9efb7c96b981d53577177fb062973b9fad0052edcf2b0c663ff3b7a1d9e38e96586c93cb72618d64344b96e3df13204c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

Filesize
7KB

MD5
bd4c30081a164037311e8712423c5bf2

SHA1
2a13bc7987ca34644b075c1fe197ba293b4ca527

SHA256
bc19f17d7f6e8f280c2cc95ef6d1b67fac25becfe98722f482039a4d84f3c9ba

SHA512
2a20d113b73cbca311d08dba40dcb7f8ab9d5383f7590b61b785070f77204db9ab163557a420c6c96ede815643f82ffdf75bc59b5802284779ff237616734c66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf

Filesize
5KB

MD5
34699ac8824cdb6593b4dbef605dd6b2

SHA1
22ff82e35cbb1ac9053f767f404ee351786fe0c2

SHA256
328d80e11e7f65f9b6e4bac12de32b7ce42154301c2a14ba92155e32e05939d6

SHA512
fe714d5d44c6c2f4f96b4349bff301a67749bcb084ade3a0270723f1fa6bd6061193c4d782cb663d63e2c32cc809f33a8114e2e0bc6915de2b04efc82b5de673

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCanadianAboriginal-Regular.ttf

Filesize
111KB

MD5
fc6ec655d6a00c567119522854e24172

SHA1
b72baef2dc0aca98cf7d3458cc027f4b0622db08

SHA256
0d188756c9c282bf31738af5373f2363cc8007bbbc8d5560fae5821ed4937611

SHA512
0a0eb23751b5df39becbbb308b6b36e324ea6ec469d2167a795cc10fb3bc38cb7b3187a3a63566e280470b09a080c000280e3b9a01681a68f8a3f35c7a2f139a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
690KB

MD5
077e62d6a81022c5fec6ebf0ba013ac4

SHA1
e0743b30b16c5fb514bf882ccae14c77b2662af0

SHA256
88c1635804a7904de347cb4fd7d74f626f2a3b75e7eabe52625d40e71063b6d2

SHA512
b51c6ed76d512374f7b64a49c8cb039a04bb76ab11179ff333e2d9987d9aab1a4f88475906f667e2286b8b6d10b0031647e88144b2b09a912b3a0c25c2a362e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
60981f1615158a584539d81e1cf14de4

SHA1
0ac8a9c480c1a077c5806246a85e8a9474e9c9e4

SHA256
2498e4a28f3b91afd83544b8d43bcc13a10f41b3fb7beb5882ea344788aba4e8

SHA512
4d194452ecd0a98d09a52e0523b95e18fbc7497b9769907a8e026f00e103379b6d32abc6698d7f3fe590e41f907dacba378fbb101ce0539272faea38f0e38c9e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
1724528b9f6f561b82689ff0a6aa59d5

SHA1
f43b21963c62ff9862489c3b9e085ee8f13e679f

SHA256
2e579303a8950ab72a036d61af318a612b5471c5eb7fe7198ac2a256cf0d4b87

SHA512
cb8deea52d3753edad8c022e98c752595236509ed86358638030ca90a7baa100324556622f69f568cae978a096143dcbd91f2c67069629add8e161e22a986ab0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
eac306aede6231e6ae0fcdac251f2eeb

SHA1
5c767f4b4df0bd7f2125d3c4541c9874bc20a014

SHA256
18c53f28a3905dfced30209ae12b470b1e0089432e6a5bafc4adfcf41eaa28ac

SHA512
ac90e9d40beaaf75e28d545366d404811dc1ada6d2b30beee402360d9e7bb03dec72c77e1c3e8c84d406d613b7d5413252bcb857c5a29dbabfe3c4eef953be26

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
b6a62cc3fa4b3544b9cdbf1d1ee6a2c8

SHA1
3a0259d66d0000bb8251ea50f3ae97d80b9802f6

SHA256
73075840c54e778b110e3ef62f5a2a62b762763bde5f54e3e6978494cd405f4e

SHA512
796fc40ea786a820da28165723e062b030fc9506130005d24c35551e467834c265b6e4345d88098fd0bbfbef1aaf5869bcb05ee05ad7a80691a084ad706cc675

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
18.3MB

MD5
2c5eb0819f1234efbb9daebf3432acb3

SHA1
4c03b24986fdee78c1521aa227eaf5ffe8fcae4c

SHA256
0c690a19a5d486dba157c1cf0632768b260b21eacea8708a64787c38e78af3d8

SHA512
d364b16f8a0c5fa29ccc77711fa54568fc50f42b29b561ce689ff5eb117e3e0536ec30f72350031019ad2b01be3d779a398ae8be85ef7fe10690b5446fee12cd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
3cd76df1ced23796d4ef977ddef30b67

SHA1
31e0b27b05ea2d2d9b42f34677c6296f95ca3886

SHA256
79218815d492460433b429c0cd9f43d0c44892278b7b763372e92fe09a713504

SHA512
94c1d51d5f06c69e1d2e82afc6538069d6944c62eeb812e2ebdb19e9256ecaba7b251e0f02813bb7156064386b01ca1c8fe9355ba2e143b3fcee5fea534ccd79

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

Filesize
829B

MD5
68f3083ea4ba8f737e3c1f5b100b6edc

SHA1
54b4eb2f5d59812f43d9290c139e8c067399975a

SHA256
9580dc8ee061f092a5690e49dafcd25c1bd61589d3e78c776d482430a9b9cf35

SHA512
333c812177ba79290094131768c185d4d900f16e8213b6f7451484d498e242c9690197f032420b94e69c99fc736e84b0044283deeb2db70a4e85a22e1fd8e3c4

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.3.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2016-706-0x00000249A4B00000-0x00000249A4B10000-memory.dmp

Filesize
64KB

Download
memory/4216-589-0x00007FFCC3C50000-0x00007FFCC3C51000-memory.dmp

Filesize
4KB

Download
memory/4216-588-0x00007FFCC4CA0000-0x00007FFCC4CA1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads