Malware Analysis Report

2024-11-30 19:32

Sample ID: 240925-e6j7ksycmg
Target: http://google
Tags: agilenet defense_evasion discovery evasion trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file http://google was found to be: Known bad.

Malicious Activity Summary

agilenet defense_evasion discovery evasion trojan

UAC bypass

Drops file in Drivers directory

Downloads MZ/PE file

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of WriteProcessMemory

System policy modification

NTFS ADS

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-09-25 04:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-09-25 04:33

Reported: 2024-09-25 05:03

Platform: win11-20240802-en

Max time kernel: 1800s

Max time network: 1801s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google

Signatures

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA C:\Users\Admin\Downloads\Gnil.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\spoclsv.exe C:\Users\Admin\Downloads\Gnil.exe N/A
File created C:\Windows\SysWOW64\drivers\spoclsv.exe C:\Users\Admin\Downloads\Gnil.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\Downloads\Gnil.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\spoclsv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MrsMajor3.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8F58.tmp\eulascr.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
File created C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
File created C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
File opened for modification C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.4.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Gnil.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133717124415757600" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class


NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
File created C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
File opened for modification C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.4.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Gnil.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\spoclsv.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3860 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 1444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 5796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3860 wrote to memory of 2196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6db8cc40,0x7fff6db8cc4c,0x7fff6db8cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1696,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1776 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1380,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2368 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2992,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3008 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3004,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3036 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4300,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4456,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4140,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4448,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4972,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3068,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3084,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3052 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5124,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5136 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5132,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3096,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:8

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.4.exe

"C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.4.exe"

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.0.1114692376\1343584556" -parentBuildID 20240916205705 -prefsHandle 2196 -prefMapHandle 2184 -prefsLen 19245 -prefMapSize 240500 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7c69da95-8f52-4088-a7e9-2d1ca0cf89e5} 3504 gpu

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.1.4457130\252144800" -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 20081 -prefMapSize 240500 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240916205705 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0a448f49-1dd8-49c3-b6ba-0fb39da6204e} 3504 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:0c708b21a895cca3604202899a4b04368a562336a10254452b01cda04b +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 3504 DisableNetwork 1

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.2.39974919\1709963742" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3416 -prefsLen 20895 -prefMapSize 240500 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240916205705 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {22c436a5-c2fd-4f5d-9915-c46c1da96a01} 3504 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.3.1859857644\608637720" -childID 3 -isForBrowser -prefsHandle 3636 -prefMapHandle 3608 -prefsLen 20972 -prefMapSize 240500 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240916205705 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {988f76f6-506f-4641-833d-7d1b63f3d4e1} 3504 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.4.338760676\246789765" -parentBuildID 20240916205705 -prefsHandle 3860 -prefMapHandle 3856 -prefsLen 21415 -prefMapSize 240500 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2f9b73fe-75c4-419e-b1ee-e3049083e6f9} 3504 rdd

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.5.1194218217\80462388" -childID 4 -isForBrowser -prefsHandle 3184 -prefMapHandle 3104 -prefsLen 20746 -prefMapSize 240500 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240916205705 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5da69dae-c0d7-406a-ba4b-b666a383b8ae} 3504 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.6.1183206468\1559191459" -childID 5 -isForBrowser -prefsHandle 2680 -prefMapHandle 2772 -prefsLen 20746 -prefMapSize 240500 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240916205705 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c64f19b9-b0e8-42b5-bfdd-5026bf856fb2} 3504 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.7.1969734639\156379531" -childID 6 -isForBrowser -prefsHandle 2824 -prefMapHandle 3600 -prefsLen 20746 -prefMapSize 240500 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240916205705 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {57c97214-232f-482f-a17f-d27fba4ddce8} 3504 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.8.727409180\55172023" -childID 7 -isForBrowser -prefsHandle 4596 -prefMapHandle 4624 -prefsLen 22907 -prefMapSize 240500 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240916205705 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cd6955ef-56b1-4073-987b-ed3db2ef1ccc} 3504 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5408,i,13752737850578685562,11257899312328935007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5804 /prefetch:8

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.9.68198218\262191577" -childID 8 -isForBrowser -prefsHandle 4056 -prefMapHandle 2056 -prefsLen 23229 -prefMapSize 240500 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240916205705 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ca2394f5-bf89-42bb-8c95-0cc4e53ee041} 3504 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.10.1687577198\1681041932" -childID 9 -isForBrowser -prefsHandle 4932 -prefMapHandle 4752 -prefsLen 23229 -prefMapSize 240500 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240916205705 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {41159f41-99a1-4c5d-a387-7109392a2d92} 3504 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.11.311696001\1816359445" -childID 10 -isForBrowser -prefsHandle 4880 -prefMapHandle 3924 -prefsLen 23229 -prefMapSize 240500 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240916205705 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bfe8e1b1-cb99-44bd-b33f-00e523867eb3} 3504 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Gnil.exe

"C:\Users\Admin\Downloads\Gnil.exe"

C:\Windows\SysWOW64\drivers\spoclsv.exe

C:\Windows\system32\drivers\spoclsv.exe

C:\Users\Admin\Downloads\MrsMajor3.0.exe

"C:\Users\Admin\Downloads\MrsMajor3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\8F58.tmp\8F59.tmp\8F5A.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\8F58.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\8F58.tmp\eulascr.exe"

Network

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

\??\pipe\crashpad_3860_ZFXIDHPRIDMNGRPA

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.4.exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\nstB3FB.tmp\LangDLL.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\nstB3FB.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Temp\nstB3FB.tmp\System.dll

C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

memory/5968-590-0x00007FFF77A70000-0x00007FFF77A71000-memory.dmp

memory/5968-589-0x00007FFF77120000-0x00007FFF77121000-memory.dmp

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\QiN2WnGA.exe.part

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\Gnil.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/1532-1182-0x0000000000400000-0x0000000000444000-memory.dmp

memory/4464-1186-0x0000000000400000-0x0000000000444000-memory.dmp

memory/1532-1187-0x0000000000400000-0x0000000000444000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/2592-1207-0x0000000000400000-0x0000000000444000-memory.dmp

memory/1064-1206-0x0000000000400000-0x0000000000444000-memory.dmp

memory/660-1210-0x0000000000400000-0x0000000000444000-memory.dmp

memory/660-1214-0x0000000000400000-0x0000000000444000-memory.dmp

memory/5508-1213-0x0000000000400000-0x0000000000444000-memory.dmp

memory/4652-1218-0x0000000000400000-0x0000000000444000-memory.dmp

memory/4000-1217-0x0000000000400000-0x0000000000444000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/3988-1228-0x0000000000400000-0x0000000000444000-memory.dmp

memory/3988-1231-0x0000000000400000-0x0000000000444000-memory.dmp

memory/4688-1232-0x0000000000400000-0x0000000000444000-memory.dmp

memory/756-1235-0x0000000000400000-0x0000000000444000-memory.dmp

memory/3460-1236-0x0000000000400000-0x0000000000444000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 495d6119d7e97122a5906ef5d2e460df
SHA1 d5a8eda808bb75a3cefb467b09311534bad9b547
SHA256 49bc4233796ea4af5290f67f751c0f0845b1c9c76122ba5ae3c940c711a115da
SHA512 a1e4ee70b208981ae32e0b3f6f1b61d684a5664b6ba368273a98e6722d449b836a2de01bf4262cebdcc89bfc82145d094eb26e5ddd8aaa67f0e00f98ae63daf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cfa1c7dec0e350b309b0801f386807e1
SHA1 c82919bf0b67827d1b66863b7a3e8b02b6ef08ff
SHA256 25745c52180fe3ccd7a23a336ff75013a7ebfc391497fe92c945951ee9060a0c
SHA512 8acb139b2d914fa55fad5f4eea45ae1f7de8f06f98016603386718370fdfa09b2af2b2814ca5e617b85bda414a25efebf5ef05d04062e74a123bbc1888b237c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8797b4f3e1d89e68791b6ef03ccf527e
SHA1 852509d9430b6ae77446a3057e0a48be854de428
SHA256 45d29bf35e7c8581f0edbd7ab5f9ba92cc4626099d00e41d55ced92e6a165155
SHA512 57f6f88acb3145664a71fad3dba9a71b0451043767de61c421e2b6257b87e872d654ce88541a3e0fe73c67a005f94cd6ae07df941cdb680a4f3f3b888118dc8f

C:\Users\Admin\AppData\Local\Temp\GbbgzVet.exe.part

MD5 35a27d088cd5be278629fae37d464182
SHA1 d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512 eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

MD5 36ac5dadb346549c7c7990e9cbf77ad0
SHA1 5166c5241e64fb5e6b8279538e5cf8a95d4e3963
SHA256 aabc9b6e3306a7578981d21ddf57feeadd167f4dc470a17665c87ac2678b0f73
SHA512 a21d7b2bc5d50320d55fed3338a36dededed3f6eddf170b2a068e22a2f8e6e157fa819b6df81081ba5d2dbc4c9ac2e7920a178087442a8e9fdb5182198eb07cb

C:\Users\Admin\AppData\Local\Temp\NRFLT-nF.7z.part

MD5 81041a562190fe49c0fac248638b2d04
SHA1 755d8426f18e3f0ad8e28d4655468d8cfdac67bf
SHA256 0d64e4fe519291c901b67944d9215f6254552c7ea5d12cc4fc930ab58c7ca268
SHA512 e482702b08e401de88c67a703cb1612831f0cbc9365eb2e634602712bed6ad6cfae30dd820d96001c49100420bc457af083e7c09d79d825e87fe231cc0646eb2

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\bookmarks-2024-09-25_15_ZTuFML0NSLOGR4wIsRruHQ==.jsonlz4

MD5 c8ded7bb38e05540fd21852763add39d
SHA1 13756de86e660febc3716ee95f63de687c84d50d
SHA256 ce3fa1c9b679f4563b2ce5799b46e9eb7afd5f04199ba121e161aaf632ce6a8a
SHA512 d959626d1c6134ef5cba319941010124663a6f8c821446bbbee67e6853d26ed8c3f8d9744b9e1151a33cd6d2887e6ff68795ceb946a7bcd214643ecc7cb96b49


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 974992eac1716260185de0530049959b
SHA1 5f8ae9a5ba46fc365b6a6a53e7490840bfec4e15
SHA256 050e081988058be5c9321e489f1008d4c8eeafacb57c59a1a7aee2af8650abec
SHA512 5f62359ad858dd3e38a0947e03c6c1be274260479ae2d4d502b9ee125e736e452f9b900a81415a471c8558ab35b48020b1ab1cf449bf3b18128ddbe765492095

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c771955f32a94d16d7ec77802341a7e2
SHA1 e6256968e77c7c69ecb56c3a48abc64f32879f28
SHA256 14aad5f96ccb86cc0b1f5a6078ec282256deeb7d3a4e21d8cfd1b5ac84029b58
SHA512 e31d1f02399c76ba91c730feddeec046e22ea67f4fd272747218bed61787181995b7f6fa630f6764222f98a07972effbb1cedfd6425505e3fa7b8048583938da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f8c1c8a8e4ef60feb8129e4eb973f692
SHA1 9280dabb98050c94b8dbb23990b03b7d555b2f71
SHA256 bc33d76b0acc3f9128a4e53ef964f9ace902dd135e081f3cbf1d02cf8e828431
SHA512 57710f2a364ed9e6e9171386300c382e9cfee27d310f2d4455a8ab305a981920e5af78a3efa5f9c62297983eeed362f70905fd4839d5bea05be7296bf1f787b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2221e2851d3416ead094504dfcd49351
SHA1 7673998364317e7393b8e51a3511724c03d2f3c1
SHA256 28559d9883b534141bfe8372a0ba76c491ad7e961c35779f8b25e8c4934a9d0e
SHA512 6fd9218ba462e607f5c63a623eb7395c70272df39f217a14aff229825a164683622f72c6b7f8e3d7af0dbaf59f465db1c9c4ddb77301cb9023b2e0252022785f