7c99df3fbb34e518ff75467ac763091af86e084ee3f4eae922344fe876a56d30

Resubmissions

19-01-2025 10:59

250119-m3gw2svjcw 10

19-01-2025 10:48

250119-mv98matqgv 8

Analysis

max time kernel
596s
max time network
598s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-01-2025 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6617-rocketleague-ssl.png
Size

39KB
MD5

a27e3788dd7e0171d8a8c8ec93fc962f
SHA1

57c1d8e31e629a935e7060964acbe8ad788adc52
SHA256

7c99df3fbb34e518ff75467ac763091af86e084ee3f4eae922344fe876a56d30
SHA512

4cdf6346f7d2c49f7b68d8ac9e2ff45f946d14df84007a8eb95d561bbf2b9275458a3fec797c8b275b83ed7369f4c6f807bfc2069cf44f36a76db8bd698020f5
SSDEEP

768:OwntOuOYffE0KpBuQktxnH0ZbjcrqgclyYnvZpkHzj0TfcbV6LjZOCJ0RSovUYQx:FnAuY0KDqtxnH6booyYnx+TA66f70RSt

Score

8^/10

defense_evasion discovery evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 30 IoCs

pid	Process
1392	tor-browser-windows-x86_64-portable-14.0.4.exe
3204	firefox.exe
1264	firefox.exe
3232	firefox.exe
3048	firefox.exe
5272	firefox.exe
3948	tor.exe
3080	firefox.exe
3924	firefox.exe
5304	firefox.exe
5152	firefox.exe
5636	firefox.exe
2456	firefox.exe
896	firefox.exe
124	firefox.exe
2888	firefox.exe
3240	firefox.exe
1852	firefox.exe
2420	firefox.exe
4160	firefox.exe
2668	firefox.exe
5996	firefox.exe
1720	tor.exe
3392	firefox.exe
4012	firefox.exe
5552	firefox.exe
2936	firefox.exe
2396	firefox.exe
1052	firefox.exe
5568	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
1392	tor-browser-windows-x86_64-portable-14.0.4.exe
1392	tor-browser-windows-x86_64-portable-14.0.4.exe
1392	tor-browser-windows-x86_64-portable-14.0.4.exe
3204	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
3048	firefox.exe
5272	firefox.exe
5272	firefox.exe
5272	firefox.exe
5272	firefox.exe
5272	firefox.exe
3080	firefox.exe
3080	firefox.exe
3080	firefox.exe
3080	firefox.exe
3080	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
3924	firefox.exe
5272	firefox.exe
5272	firefox.exe
3924	firefox.exe
3924	firefox.exe
3080	firefox.exe
3080	firefox.exe
5304	firefox.exe
5304	firefox.exe
5304	firefox.exe
5304	firefox.exe
5304	firefox.exe
5304	firefox.exe
5304	firefox.exe
5152	firefox.exe
5152	firefox.exe
5152	firefox.exe
5152	firefox.exe
5152	firefox.exe
5636	firefox.exe
5636	firefox.exe
5636	firefox.exe
5636	firefox.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.4.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 60 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-14.0.4.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	firefox.exe
Key created	\Registry\User\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\NotificationData	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 22119.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.4.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\Downloads\d1c5566a0c2fa9885e376c1016922550.avi:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2988	vlc.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5824	msedge.exe
5824	msedge.exe
5080	msedge.exe
5080	msedge.exe
4348	identity_helper.exe
4348	identity_helper.exe
5236	msedge.exe
5236	msedge.exe
1504	msedge.exe
1504	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2988	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of AdjustPrivilegeToken 33 IoCs

description	pid	Process
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe
Token: SeDebugPrivilege	2668	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
2988	vlc.exe
2988	vlc.exe
2988	vlc.exe
2988	vlc.exe
2988	vlc.exe
2988	vlc.exe
2988	vlc.exe
2988	vlc.exe

Suspicious use of SetWindowsHookEx 39 IoCs

pid	Process
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
2988	vlc.exe
2988	vlc.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
2668	firefox.exe
2668	firefox.exe
2668	firefox.exe
2668	firefox.exe
2668	firefox.exe
2668	firefox.exe
2668	firefox.exe
2668	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 6036	5080	msedge.exe	81
PID 5080 wrote to memory of 6036	5080	msedge.exe	81
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5864	5080	msedge.exe	82
PID 5080 wrote to memory of 5824	5080	msedge.exe	83
PID 5080 wrote to memory of 5824	5080	msedge.exe	83
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84
PID 5080 wrote to memory of 5372	5080	msedge.exe	84

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\6617-rocketleague-ssl.png
1⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc69113cb8,0x7ffc69113cc8,0x7ffc69113cd8
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.4.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.4.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:1392
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3204
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Modifies registry class
      NTFS ADS
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2480 -parentBuildID 20250106125732 -prefsHandle 2448 -prefMapHandle 2440 -prefsLen 21009 -prefMapSize 252133 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {29938230-80e3-4d0f-8c5a-104dae7a8280} 1264 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3232
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=1820 -childID 1 -isForBrowser -prefsHandle 1868 -prefMapHandle 1748 -prefsLen 21821 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8d192a57-6876-4edb-8f7b-de4bccd70507} 1264 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3048
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:dd1624d3a1bcd049604bcbdce4f7c760f401ec5bffc4aaa13377fad36a +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 1264 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:3948
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3368 -childID 2 -isForBrowser -prefsHandle 3244 -prefMapHandle 3240 -prefsLen 22589 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {eddc55e6-fedd-49d4-bc6f-b619ef6dc26b} 1264 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5272
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3776 -childID 3 -isForBrowser -prefsHandle 3768 -prefMapHandle 3764 -prefsLen 22665 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {8993754b-5bad-4b18-baa2-bc26a6f0f580} 1264 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3080
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2112 -parentBuildID 20250106125732 -sandboxingKind 0 -prefsHandle 4168 -prefMapHandle 4164 -prefsLen 25283 -prefMapSize 252133 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {dc3b0bfa-3ffc-4bd4-86f9-d14c4bce4e5f} 1264 utility
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        
        PID:3924
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2380 -parentBuildID 20250106125732 -prefsHandle 2116 -prefMapHandle 3192 -prefsLen 25411 -prefMapSize 252133 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4cab9a69-612f-4f43-aeb6-4d1205b6ddae} 1264 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5304
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3268 -childID 4 -isForBrowser -prefsHandle 4428 -prefMapHandle 4424 -prefsLen 24349 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {67646974-20cc-412e-91ae-78f9f3e2a2ca} 1264 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5152
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3560 -childID 5 -isForBrowser -prefsHandle 4440 -prefMapHandle 4436 -prefsLen 24349 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f27c9406-4bd7-4848-af96-168a0648d3e8} 1264 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5636
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4552 -childID 6 -isForBrowser -prefsHandle 2084 -prefMapHandle 2088 -prefsLen 24349 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {47ea9e08-3a63-45f5-8057-2381371c8edb} 1264 tab
        5⤵
        Executes dropped EXE
        
        PID:2456
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5000 -childID 7 -isForBrowser -prefsHandle 1732 -prefMapHandle 1780 -prefsLen 24524 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f71a0c36-6bea-4b43-af5b-f764fec290dc} 1264 tab
        5⤵
        Executes dropped EXE
        
        PID:896
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3392 -childID 8 -isForBrowser -prefsHandle 2280 -prefMapHandle 2268 -prefsLen 26060 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c550ae68-b6db-4fff-8c4c-91bcbafaf256} 1264 tab
        5⤵
        Executes dropped EXE
        
        PID:124
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3460 -childID 9 -isForBrowser -prefsHandle 3008 -prefMapHandle 3016 -prefsLen 24723 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f6615120-8f1b-42ce-9e00-2c709bd5665a} 1264 tab
        5⤵
        Executes dropped EXE
        
        PID:2888
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=5264 -childID 10 -isForBrowser -prefsHandle 5232 -prefMapHandle 2172 -prefsLen 26060 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d1cf5b12-525d-432b-bb1e-2e64e14ffa08} 1264 tab
        5⤵
        Executes dropped EXE
        
        PID:3240
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4256 -childID 11 -isForBrowser -prefsHandle 4720 -prefMapHandle 5240 -prefsLen 24723 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4aa00689-989c-4dfc-96d1-d02ab716e6fe} 1264 tab
        5⤵
        Executes dropped EXE
        
        PID:1852
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2372 -childID 12 -isForBrowser -prefsHandle 6228 -prefMapHandle 6236 -prefsLen 26388 -prefMapSize 252133 -jsInitHandle 1376 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4173e424-bc6c-4d17-a9d0-2f19c47abbf5} 1264 tab
        5⤵
        Executes dropped EXE
        
        PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1440,10846256366516137383,8979162239117143350,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3424 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3612

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\d1c5566a0c2fa9885e376c1016922550.avi"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
PID:4160
- C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2668
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2476 -parentBuildID 20250106125732 -prefsHandle 2444 -prefMapHandle 2424 -prefsLen 22899 -prefMapSize 253645 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {acd5863d-7e66-4f28-b85e-7860c168ea45} 2668 gpu
    3⤵
    - Executes dropped EXE
    PID:5996
- - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:012c4d0645d4e4e860295f3da4eeb22d835c7449fec6d50a58da7ee4bc +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2668 DisableNetwork 1
    3⤵
    - Executes dropped EXE
    PID:1720
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3284 -childID 1 -isForBrowser -prefsHandle 3276 -prefMapHandle 3272 -prefsLen 23046 -prefMapSize 253645 -jsInitHandle 1372 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {676dd8fc-dd84-4c4d-97e1-71e6760f72d4} 2668 tab
    3⤵
    - Executes dropped EXE
    PID:3392
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3884 -parentBuildID 20250106125732 -sandboxingKind 0 -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 24060 -prefMapSize 253645 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {faae6886-cef1-4039-950c-ce69428a22dd} 2668 utility
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    PID:4012
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4136 -childID 2 -isForBrowser -prefsHandle 4128 -prefMapHandle 4124 -prefsLen 24060 -prefMapSize 253645 -jsInitHandle 1372 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c31ea677-38d6-485e-8e32-ead2ea37495b} 2668 tab
    3⤵
    - Executes dropped EXE
    PID:5552
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=1640 -childID 3 -isForBrowser -prefsHandle 1304 -prefMapHandle 2832 -prefsLen 22625 -prefMapSize 253645 -jsInitHandle 1372 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {06e63004-4457-4ab3-a89a-21e721611e8d} 2668 tab
    3⤵
    - Executes dropped EXE
    PID:2936
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2084 -childID 4 -isForBrowser -prefsHandle 3100 -prefMapHandle 1952 -prefsLen 22625 -prefMapSize 253645 -jsInitHandle 1372 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ea77ad63-0226-4300-a21d-bb427c996099} 2668 tab
    3⤵
    - Executes dropped EXE
    PID:2396
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4472 -childID 5 -isForBrowser -prefsHandle 4464 -prefMapHandle 4460 -prefsLen 22625 -prefMapSize 253645 -jsInitHandle 1372 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b8664408-765d-48e7-84db-7fda79a431ff} 2668 tab
    3⤵
    - Executes dropped EXE
    PID:1052
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2208 -childID 6 -isForBrowser -prefsHandle 2044 -prefMapHandle 1904 -prefsLen 22773 -prefMapSize 253645 -jsInitHandle 1372 -jsInitLen 234780 -parentBuildID 20250106125732 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {36f5f9a4-fcaf-4463-831a-419413735376} 2668 tab
    3⤵
    - Executes dropped EXE
    PID:5568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bb80d14d24b7ea30c5ba0d11358eb924

SHA1
7dee58fbdab22be4b918e1da961ce655666955fa

SHA256
5af407da96e02442b5dd9b15548b5b2d0eed40766afca9b7fc1a055dcb998742

SHA512
c32d53d59c6e083b926ca7b66bb4ecd9fb934934333a12587f66e850b09e17cec4355064c8b5e3f3de4ea5e2e34dd4f462d93c1842e59aabe27b28995835ee36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
847B

MD5
8bd3f4d482f43b3d845d2fccfe6c97c2

SHA1
e98fc824108f7bfa824631b2e9f5af477f4654d1

SHA256
45bc96a65b9e46b4c92c60dd5a3a7572948ed6489210160bd196e90fdf536d23

SHA512
5a14097afd8434da56508382456c51fa72462e06a12dd09c489bbb8a331906524cb45e547a12155d826ef6e36a8de5c03cfa14f15844226bff83aa82ceeb3338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
755B

MD5
49ef3267d2ef1a7adcd61603878b4fce

SHA1
6e577cce72622bc338f0215b1cd85b24737c64c3

SHA256
3fe706ce7bf5dc989801b992c116e2042360c21c7b004bc4a679cd7144ddbed1

SHA512
f70933dc1e3db3bea1d98e6102bcf523e9decaed7d6e1fed9d89cfe31ae3eb697d2dfd71586353672139b1b1a65836faa76e82baa950bf52c089a09c3fb7851d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
845B

MD5
5c28ee1c6eeb85ed3f1858cd27f9f12d

SHA1
37eff1bea23b7368dc38ef9336ee7ffb10ad3935

SHA256
f99ee65d87ac4ab9978b233282651bcba3582467663d8a0db171826fb4d4825c

SHA512
41faebc3d0c87c2ed01b85dc02a11728b3fe6449c764c212125fcb59a91b7b6ab6958d2e553607d66302c8b054f53fb16660c4da1e4a22c8374dd678fb604c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
479B

MD5
3824e7537f77772cef93be084c7c11b4

SHA1
23f30e8f201842b36ef2c23df4984df4aaf91f0a

SHA256
befcb451019ea51c1569cee97633f14c5fd2981c5efa12ee673d1f955f4b033c

SHA512
1910f1409e3d494db988dbf22a48f9f576c3b576eaf46819653c943b24cfb7580d21ed1637a064309110842ff8064f59cdd5d8892c51f76b90c8d97eb3e1891c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ce0c4e8e05e77cd4fd9c16d1da4fb53

SHA1
18fe156c786923f4b6edfba36318945c86078337

SHA256
e3e8939013b7bc5f3734954b8ae91645313b76f72254b62480be0dcb55542fb9

SHA512
d7af708f524840cdab41334a325809a3ad6e5212c7eeffccaffac2ffab874e03636ebc94ea069d68901f2ca0bedfa750b3432ac41e9e41fd8178c56c5efc5259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20dacb50aebafff3d154325214dfcd7e

SHA1
9386272c2a7544fcbd0d46a90a7866808d3b3279

SHA256
2cf4699b67a4d9cc68c5932c24d5b5b8e9099b2ed1cdb62512d3953ae37e06e3

SHA512
9c38067a4d6dbfa41396a63711d7bbe500cdb6012869407805dae150931b970b6e6d480fa466f9b1dcf9801ccfb72265b28f9086061866844c36c86dcc6ad378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fba02efacbe7cb86a65df89b1f09a50f

SHA1
b463bb7a9fc3693e33c1784368283c4a990a672e

SHA256
314942334e6a299bf25cb7fb8ff1580cc1f8a3b987c6edd97462a580f67f5c4c

SHA512
baff00060beabc6586a08e3bf9634eacaff90e082b512565349ff7d0a5d87de6ae21b1b1dc5dbb38dfa8e5fbdc9e2ed12c568ebe4a056be17ebb7f82538b9312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a476e023188e28486cb55ff3cab7fdc

SHA1
8ae3d1b325f6454c726ba542cb4d1bc31a9b5736

SHA256
b3c22de11fcaea63d2c766de829814608342854885ffd47cf497e81840d8e2ad

SHA512
9091f6ded3e3501220da605f8361666c8192166d69375f3e6a32d27486f3c3ffc979cade5106b61a7b62c0588a241713848b653c99327173986fb5bfa7b5c7ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4c8672f3fa40a77091c643b8f1598fac

SHA1
a1d1842fff5ad92d2f5e46504d1e025b1940500b

SHA256
6c68627e986f7de75b47923d7e59b507bacf07749beb4fb0874949bc86e244e0

SHA512
39668701658ed62c0c5f3d6d29e862ef4e0f96d2d10727b3c015121e69aff2955c9263104d16a145114797bde52b1c141a9e57081f3b75d384435536a181c729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eab86eb7f8edfb8c8f4b6c6617c77c85

SHA1
b6ef9080dc3d9f0f2d28a350a99da971bed42e2e

SHA256
cd8223adf5bbea19d388ca02c0da0e35815eece10771938402bc490f94a1d6f2

SHA512
42396edb470074265655c26eb1610e8529d03b744165ab370e6cedaacd44598c5d5d53b8e5f9978bafe050cc77c1e8c7631001ea061274722ec60cebc30dfaec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ea8600f4ea451112e84dc40f6569a528

SHA1
4246798f720fc9827b657b22df4b70bdc024ef69

SHA256
48f0aa2b15bdc7f50495767a5a8d8ad38f9821a122e92959d0121d92ee4adccd

SHA512
c7bb99f25c5f4e94a6b06bd3d594e72d41c6a609565fef6df84fe1bd3273e8665f9477364717c54575dc2ab9d27c3af8fc954ea87ffa3e081ef03397806b1364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
b247b18124806b6a907171ff57b9155f

SHA1
3c4511f8129e0522a81bfe3bde6cfde4ec074d8f

SHA256
7f3e6903067ad3472bf48bacb55325cc9985d06ae0affa3b560c02a17ff179ea

SHA512
090f3a8856f8ea19f258175f9c69e121d9f0fe33fa8812e945abd273cf68d8110f9e7029633047b29c4685c3efc8255c845768eead242fd2d9300d50b9c5c09a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6752.tmp\LangDLL.dll

Filesize
7KB

MD5
9888fb6b91a680305b2a3e7b71d6561d

SHA1
4a7935da38f88e9f74f425078ee39eb6269c4e63

SHA256
81726604d47b192620bcf90d6e42ba8ee8b4c54935b0081655e08247d6b6c675

SHA512
f50755e5624bfc3a60a23a7dda012509c1e31d9772d6a0ccaca88e32ae8d4602e10e38003d78b1626464502db7ea7c47d772efb7b3ea7c3e2238bf3b9809f833

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6752.tmp\System.dll

Filesize
24KB

MD5
d997606c77e880be2744c44128843d60

SHA1
92bb9003dc14ae03963f503e82a668877ca4295f

SHA256
abb2613ff851b2cbfb61bf97e4eef9d4912abcb46e04774ad84812ab75d4dde9

SHA512
714d7ce786e9fbb6f0d0e537a146a3a24aa79089669dd168b7c110dfba667fa7afb794b3dd2b93fa76e1d1771af3347a0f568cbb0fbcc8d9755de9e6e54382b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6752.tmp\nsDialogs.dll

Filesize
13KB

MD5
bd0d7a73d0fc619e280372587e9e3115

SHA1
0cde473dda5d4fda8190e6460f3229cae2571af5

SHA256
c7f2afe3a2424e71563e69d862dc027d299d84fba4ac1ba11e593361daec0a80

SHA512
914983bfa336f9ea019bf5dc9ee403af56a6c7c1d88b8092609e4026a3377daa6ef9a8e51a93537f6769ae165c264763645a363fb6a89f8689f59caf985c18b2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-store-menus\data.safe.bin

Filesize
245B

MD5
e41a948534f6e10c71ad031683c27930

SHA1
3869650897d89fc67cb56bc0707bd3edea1b673b

SHA256
69add43c45c18dc4e408430c5730ae23138d014d197ba53001a7c5bdeaf3f539

SHA512
b10e7ea994cc96246a857d8f277650c73b50aadbf6bbcc84cdc39e2742aca845f9abdf77bc722ac4351dd669fbf902a76d97c5824be898728466798a4a006c35

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
16KB

MD5
8187ec13e259aac88f1142b32c7ed775

SHA1
345a2b597b97596634325db95ebaeacc93e1a633

SHA256
f4e6e33e2755ce69c18a6315dba4e17d87d593aa49a7dd9978c2e7017ef650e6

SHA512
75834f163feb8381c61628c708ce888f994767ef58caea6709899c4276e5a0a7aa4ea830dd45632fbd51108c002a52ef5d0e01a682481783a63cdbc3676bc39c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
964a751a17bd8cb6933c61d314790654

SHA1
66afe9c5b16951ea86ff96281b0b1857589f650e

SHA256
268e9a71098363c487d529dbdd099c8fba1d8c4c22561e3030c2bd7285aa588d

SHA512
bc026efdf07e01fa5475a8daf47b5b2d523cb24a5d309ec9deb7fc4a8547942929fa388093336ba308278021a87b0afa2ecdf5b0fd0da48ab75bc7b4d15398af

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
618391efc7760627ae8c464b0250a85b

SHA1
b9753332705be07c9bbd00b4bf17821aad4857c2

SHA256
e4fee89a04027353aafb952b4ba9bf13e0f193c5f6efffd28cc45a6a8e733669

SHA512
7a562a8ed6f0984bad987218084c1b23c516e62d5a71da9435fdc388a8b33aac79f2c432b50e404c471c8abbf20f78d4ea35755950bcab32de08ea973a151deb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
ae790c53e449938dfcc17de810d14b7d

SHA1
1c82c054da37bc6a8c453ccb5a0de74eb268b738

SHA256
b7e5d2fe971ae15e89f7f3aa886dd4b17283995e92704dfeb435a21a5b92bc88

SHA512
a11c51f9a26774f2a4a2d361151b214f1f10d34dccf19fe9583cf6a1579aba32db7e2e84c88f486855b2b13d81a4c8ce074fcf157e88c8ed305ee53c9edd6444

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
63160e3a3a26a932106aff41afdf822c

SHA1
53ea4b5024ba5f302dfdc1e03d7f69bf9b7c71dc

SHA256
d225bb82dda63afbdf2a938e4c04df4a26a9412f7239a7032aa0bc17e1e316ab

SHA512
5ff160c0d9d3bdb25f473dfbabbf989207699aef9905f2a777b5fcaf9c4f8884780d603b161a9f886b34dcf6f8dae42d354e97c326e9f8080a21717368523c01

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
920f81956b1eb9d8e2fc5aad8703f019

SHA1
d3eb9ad22d8e9704313a68d6b652b75f16760eee

SHA256
46de415024cad36a2a37e8066309b691f18b55d43712b9c5fece96446630c087

SHA512
c7eab4b14bb162c92235a959c039de32e8d4bb321abc4c001e4d81f39ad3234eb731c72de8fe9330bb061fb8716064b9e00d6486da31394d0f7efc923889d5cf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
3ae6fed5b51cbd9856f2981d721e2910

SHA1
4f1ba3cb78bb44709b472ee484a094cf769ce569

SHA256
d30107d8e9e69867701117f5b607e0507c8c61d7aff50323de62ab96dbbffe6b

SHA512
40811ab365e56ee7be0be187f457660546b88596184f40ce4e0f8512cae1de08126a544f9bfbea7e9b767171cbb815d90f93520dc6856d18f891dad53afbfe43

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
303d3a3fcca9a71f164f32f6ebdbfa3a

SHA1
7550558a568c8428b559ae32b67b21178a658c56

SHA256
14a7470bdbb50041407bfff9b4f87040c4e81c6a8ce4c7b449687d79d3dbe31d

SHA512
59d075b352f1a3a1d349a1e93b63742fedcd84a202b2c80d4b12bc23b7277b75a825d2b445a7bb8049d62a55fb7376480ca219ae2032ead3745c6caca65d824a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bee46dd3-c641-4532-81c9-c850969961d9^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

Filesize
48KB

MD5
405bdfab9cdefa98a2c13b2b11c6504f

SHA1
293d8c14fb0e79204f7ab628a2dd6c183c2ed624

SHA256
c466f1869c587dd130a562b018e0dfa4184caec4ad208c110743e397979f1b08

SHA512
f0d8d1538719b130f1e742883d6c9761e9ceadf68b102ff9d5562f5dd9fd3c2cc3e608437d002aaf53c78225c85a7f31795851d7f87f307b38c7099abbfb633e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
48KB

MD5
9848daadc8e1b010a61809190d0b17ba

SHA1
bcfaedf5ae3bb7d81aecd37c4c2c7268957d562a

SHA256
6726bd16b257b43f204e0150e1ef8df2c4b86f4858e5fda12ca81f8e93ee99ba

SHA512
5a9b1e3113ed2c595317c94b931828fbab79415a458bcca260de7c81c0217c061db8871ae3b7979490b5741fb1e27e293dbfe46c65962f221fe6eb9b16678167

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
128KB

MD5
d4a9374db7cb636c37253a5757076676

SHA1
de1a8b2cf1d1b7eea9bc4c0bdec24279fa24b4ce

SHA256
10e41f59f0d64f5033c7bed058c80ebf75fed8355e7d7b6734716b8f88c3fc0d

SHA512
870557053e0aeb10b7576d3cab46660b1b670ae555461c605ad98e3b6971495ca8d80e1dff508a70a5a9e00615bc658b61a544ff54ab37a91578222a58c74f2a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.7MB

MD5
f3ec6fd34f9b8a97df96ab63d7e9ecf9

SHA1
31d49f092a5589e5883dd3e7bcdbaa107e3bacbc

SHA256
940c97f57ad10fe6a781484d3cb538554b4de321cb3fcc9e7bdccceb86263479

SHA512
adbb47af494b42b0b8cf9454c5b927a560d0afa209a67dbd947f961837b3e65283361b0ef607ab67546fb304175958cad3fbc97faceea3aeac500ef091d1753e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
18.2MB

MD5
aac0cfd2ea52c5bd3a83bfcbaa6da92c

SHA1
f6b8c7f30e865a45d233b3e843f43e815cc86d88

SHA256
2e2a29e1153178b43c1593dcb5325ce1763fee62bd38aa3d18dddde6a6e44cec

SHA512
afcec780b65aa8c3adc970b2714c314fa322f3845133a96a25ace3caaa705404063c6401173f654e21623e955d0b06bf0be09c08fb790e848602cf77897b2a69

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
25.9MB

MD5
095e867b26e8760d633f3bad81449555

SHA1
877c27d67ce66257cfa34e0bcee09d2f5b49eb4a

SHA256
0156e5674dba77826474d8a76a7b46b8ed15bfe4d3b1df56431aa48c16c6deea

SHA512
b76ab80b12890666651d8981c6dbe950f417ea9b0a2d0dca496fdda373b411c83734bd9e50ba7498c0ceab8e1694d070d5ee25f194ef33ab31a88480072b1dfe

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
55B

MD5
a515bc619743c790d426780ed4810105

SHA1
355dab227f0291b2c7f1945478eec7a4248578a0

SHA256
612e53338b53449be39f2e9086e15edc7bb3e7aa56c9d65a9d53b9eb3c3cc77d

SHA512
48ecd83a5eb1557dfabfaf588057e86fb4b7610f6ece119d6d89a38369d1c9426027520ce5b6d1cc79a4783b9f39ac58afb360cc76e05bbe8bbbd5128c5d395b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
957KB

MD5
62c2b654a504e5e5ae9e51319b9e6005

SHA1
b8f185129557bf8cbef1640f9393f4785e95cb63

SHA256
f9639e63ffcfc352036de00e4ff6694bb0ca65a0bb8fbd103bd08f32dc1ff31a

SHA512
87e7c642fb4dfee08a8f1136de61fa5c1a4ea5588c31492c0e6e76f378466e4a891ba7aecb7c20e2a772cb4ce6d6ae85863906ff80597bf7d43fe1423578c405

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
e40d339288fdfde4d5168d458ea75c9b

SHA1
a7ddcef27f82f7a9b7b86e789fd1dde485746ac7

SHA256
3034311292fade8a24ab8e7312cfb7132153c14b9383439b527e8296fe06a492

SHA512
c2e601a94d4ce62c78aa1d9d4b6b152b02e5dd64c2bb5b1cdf435b19fb38f35da98a1ac5a6c7796a0cf28575da9fc83f4007224262d03dcda40e543e7be9d765

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
296B

MD5
b699245ef09504ebc6f7851bcd00524c

SHA1
7aa6fe2d8496f4d23f401d5867ebd174f6c1ff61

SHA256
14014e6904c0a496afaf2a7ba6f63926d16d4e8695862d3af439954434765de1

SHA512
d3a56cb9f0e9fa3fa4db87bf5e8eabf78cccc297ffbef3cd1f1969621c1bb50eda42ae8ccd40ffb06aa69fecad18c0ba8f800b501f1446b8aa454d2df06521ec

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
979KB

MD5
5417d60e40bc0174f3bd89ce88040955

SHA1
d59f30885489e73543bc6519f7aff5f69b0385ad

SHA256
451236db462f137e5211c8883305aaee7d915fc9680a8cd4538d2fd9d2deba54

SHA512
9e3ca3ad7f7d05ea48cf61bb7b0d4b4281374e6d6d4a284818d067ef9cb384cf589e54a8569b8f4d7653d0742b09d28f4e03b57548623e95e7042df86e562d39

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\gkcodecs.dll

Filesize
10.0MB

MD5
acc99a7c7ce2a3b8b378c2b575b44548

SHA1
ba2f248f07e250fca64c4ee48c3f61bdbd0213c1

SHA256
fda96c1bb36dc70981ed5dc0727e54baa0b474b8e18cc139efe73fa97c3900d2

SHA512
f8b3d84898fbda3feeeba0ebce4b0c9234201e3fe46bbd9aa281027327804fa17b10476277106d36700ac1690016b8bf0570861c2941279387e4a7c821f2afff

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
493KB

MD5
97c45feec8896cd44045ab0af88a8b56

SHA1
ceb74288f2cd7ce789e982581bee80a8a94b6eee

SHA256
48b8127c3aafd0121b36fc7401a02e248971eb9ccf05ff4b1541c97eb727f9a7

SHA512
a23e258fe0597487397ba158b1a1daaac294734d53b6d8f92f4d9e74930ba670e9c5e048defc9e0f44dd1f77ddf89019e2bfcc0fe87ed16335bd477f4e50743f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
580aa58baa0c3856810a3d59bdd219bf

SHA1
cb21341e474a6c7a3ecb24dd18b913c1fdb83919

SHA256
d8bca79d8e3422638a0d716a44406b6ac9a69d1ce1091ba15b0c92a7c77989dd

SHA512
270cb64636890f2d013531b2425ae7225d057d2ec85b9fae85a7e129f6b8190b7d3fe8f1aabce5e860614cd3ad4bce3cbc6a336e777a8275e106938ede75caa3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.6MB

MD5
c0f5b80753348a1f13a052f61c4b99bf

SHA1
71741b069b76ee65bbc31a043ddf5d5e162a76c6

SHA256
c0fd473cb8776caf8134b6a22a5533f5822390a56dee207ba7e29ffe62d276ed

SHA512
de017ea7576bc6b17cbfb43056722a844ff2a095ddd6b8e519054a215d57439a4d71ee7aa311235c2f73b25b9828fd8959b6b8d9642b24d7a64a4997b883cca1

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
480KB

MD5
9e68a4141ab9cb03066ff15888386d5a

SHA1
d0a2458fee44665f728775567e6cd1b00d051446

SHA256
18252635a35505620ccc2734a756d5abbf76ba07d259fe9800c37daca4666070

SHA512
f9c65e767a80c6d4d7a03768dd961da5ae242bc8b4615a0e6315a45c77c16143458a1e86d1af8360203330d11395797e20ca334c3f1489aa970cc95f727ba5de

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
18.5MB

MD5
74e691ed762a7f5264e4df8c393fd7c7

SHA1
05364d3c501966d15764ccdb6f9de794d9fbc1a4

SHA256
2163807570b00f74c0bb791f9ce63a1128cf3edd4be92e8fc29e0f82090164ec

SHA512
20aa3bc067c8aa6db4197978b8f0de0e9a86dca791858636b960b9c504131a06058397f026703b2aaf392c1dbcdaf661b54ec7377e8d137b430495d06936ba5f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
301KB

MD5
b359d18ebe0a8f3a71cf2bc2b6944fcc

SHA1
d5a886f6616e83531c5b2f68e65ffc2a223a9687

SHA256
9d911c00a4240a275178a5adbe420846188ff2b82d2472b84721b26d89573dbc

SHA512
522fcd4e359ad81d09755be8d5c29b3fd03a88018a75e2baa6b33291305c8fe64dca55c81e29b94107a0784cf21e4509ae7bc23cffe8afd23bc8a8e288425e1b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

Filesize
829B

MD5
142d2d00e44d3ed8535e4be93048fbfc

SHA1
1d54cebd4ce53698ee9b7f0fbabbe404e009d2e7

SHA256
c1995d753520307028e5cb3a564ca90510cb18a14d8f025b5b881aef5d2959b2

SHA512
3e4d8aad563bf06b7d3364e6a8306380764232fc846f172de2f2c40f6a22be1d7a6efa8e4bf5003167a14f1688ba13645a71518d6def3ffe6a6359c6b4381c13

Download Submit
C:\Users\Admin\Downloads\d1c5566a0c2fa9885e376c1016922550.1QMMz6ms.avi.part

Filesize
21.9MB

MD5
c14996342eaa57b18b8cae706d08eb08

SHA1
44fcbb4f326c6096dcd1ad83d1211a86892c08f9

SHA256
7b35ee8d6646d3cec31a5b8f24c2f0ab6454cf3cff78d4b4ddd46cccff454a0e

SHA512
0f7946a951ba02c510cf59724638bd749f0b800ef8bb9d7ccb199c341643165a2fb59381a4c23654d161b47be16f12b9f542715914fa4b93739837cf6987a3ec

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.4.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/896-975-0x0000026284700000-0x000002628476F000-memory.dmp

Filesize
444KB

Download
memory/1264-661-0x00000269ACA40000-0x00000269ACA50000-memory.dmp

Filesize
64KB

Download
memory/1264-908-0x00000269A7CC0000-0x00000269A7E26000-memory.dmp

Filesize
1.4MB

Download
memory/1264-849-0x00000269ACA00000-0x00000269ACA10000-memory.dmp

Filesize
64KB

Download
memory/1264-669-0x00000269AE790000-0x00000269AE7A0000-memory.dmp

Filesize
64KB

Download
memory/2456-937-0x000001F72A500000-0x000001F72A56F000-memory.dmp

Filesize
444KB

Download
memory/3048-834-0x00000164DFE60000-0x00000164DFECF000-memory.dmp

Filesize
444KB

Download
memory/3048-675-0x00007FFC77660000-0x00007FFC77661000-memory.dmp

Filesize
4KB

Download
memory/3048-674-0x00007FFC782B0000-0x00007FFC782B1000-memory.dmp

Filesize
4KB

Download
memory/3080-911-0x0000023BAB450000-0x0000023BAB4BF000-memory.dmp

Filesize
444KB

Download
memory/3924-927-0x0000017C128C0000-0x0000017C1292F000-memory.dmp

Filesize
444KB

Download
memory/5152-935-0x000001A065230000-0x000001A06529F000-memory.dmp

Filesize
444KB

Download
memory/5272-910-0x0000015AB0400000-0x0000015AB046F000-memory.dmp

Filesize
444KB

Download
memory/5636-936-0x000001CAD3450000-0x000001CAD34BF000-memory.dmp

Filesize
444KB

Download