e045745e3427a5c6a64291ec6eb8c71f15961a5a4247ec9b07ddf040d3ec2eec

max time kernel
301s
max time network
308s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
07/05/2024, 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4.29-2_timeout_onexe.exe
Size

154.7MB
MD5

591bda036d315c52dd47d865d1f27215
SHA1

f28186b5e32ad3b919075a39ef8467381229e36f
SHA256

e045745e3427a5c6a64291ec6eb8c71f15961a5a4247ec9b07ddf040d3ec2eec
SHA512

59d8833cf13e39f3bc6a60436dd7b67aee217e79ab737243321bf209decf1e9d5e9b0c4eb6fa390440dfad7744d94e6cd8fe95dd4cbf937ba84df954cb2089cd
SSDEEP

3145728:ENU5azpUaH5sLtzPVggXepw/V0s9AcjnDiBOEA+XnNOr1XW4TcIOaya/Z:EbsLtzPmgAKWs9XjnDiBLAUnNOr1XW4S

Score

9^/10

evasion ransomware trojan

Malware Config

Signatures

Renames multiple (58) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 64 IoCs

pid	Process
4972	tor.exe
4768	geckodriver.exe
4580	firefox.exe
944	firefox.exe
2456	firefox.exe
1760	firefox.exe
3124	firefox.exe
3476	firefox.exe
484	firefox.exe
788	firefox.exe
1340	firefox.exe
3436	geckodriver.exe
3048	firefox.exe
1080	firefox.exe
552	firefox.exe
4328	firefox.exe
2944	firefox.exe
1948	firefox.exe
4740	firefox.exe
4176	firefox.exe
4036	firefox.exe
2260	firefox.exe
1644	geckodriver.exe
1540	firefox.exe
1816	firefox.exe
4772	firefox.exe
3276	firefox.exe
1568	firefox.exe
1480	firefox.exe
2888	firefox.exe
4624	firefox.exe
4856	firefox.exe
964	geckodriver.exe
3360	firefox.exe
4840	firefox.exe
1780	firefox.exe
2976	firefox.exe
1532	firefox.exe
2360	firefox.exe
1872	firefox.exe
2860	firefox.exe
3108	firefox.exe
4484	geckodriver.exe
1312	firefox.exe
1772	firefox.exe
4028	firefox.exe
4756	firefox.exe
3780	firefox.exe
4160	firefox.exe
3360	firefox.exe
3732	firefox.exe
3132	firefox.exe
2984	firefox.exe
1332	geckodriver.exe
916	firefox.exe
904	firefox.exe
2320	firefox.exe
328	firefox.exe
4200	firefox.exe
2088	firefox.exe
2336	firefox.exe
2164	firefox.exe
2624	firefox.exe
4000	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
636	4.29-2_timeout_onexe.exe
4580	firefox.exe
944	firefox.exe
944	firefox.exe
944	firefox.exe
944	firefox.exe
944	firefox.exe
944	firefox.exe
944	firefox.exe
944	firefox.exe
2456	firefox.exe
2456	firefox.exe
2456	firefox.exe
2456	firefox.exe
944	firefox.exe
944	firefox.exe
944	firefox.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
3124	firefox.exe
3124	firefox.exe
3124	firefox.exe
3124	firefox.exe
3476	firefox.exe
3476	firefox.exe
3476	firefox.exe
3476	firefox.exe
1760	firefox.exe
1760	firefox.exe
3476	firefox.exe
3476	firefox.exe
484	firefox.exe
484	firefox.exe
788	firefox.exe
484	firefox.exe
484	firefox.exe
788	firefox.exe
788	firefox.exe
788	firefox.exe
1340	firefox.exe
1340	firefox.exe
1340	firefox.exe
1340	firefox.exe
788	firefox.exe
788	firefox.exe
1340	firefox.exe
1340	firefox.exe
484	firefox.exe
484	firefox.exe

Checks whether UAC is enabled 1 TTPs 8 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 48 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeDebugPrivilege	944	firefox.exe
Token: SeDebugPrivilege	944	firefox.exe
Token: SeDebugPrivilege	1080	firefox.exe
Token: SeDebugPrivilege	1080	firefox.exe
Token: SeDebugPrivilege	1816	firefox.exe
Token: SeDebugPrivilege	1816	firefox.exe
Token: SeDebugPrivilege	4840	firefox.exe
Token: SeDebugPrivilege	4840	firefox.exe
Token: SeDebugPrivilege	1772	firefox.exe
Token: SeDebugPrivilege	1772	firefox.exe
Token: SeDebugPrivilege	904	firefox.exe
Token: SeDebugPrivilege	904	firefox.exe
Token: SeDebugPrivilege	2256	firefox.exe
Token: SeDebugPrivilege	2256	firefox.exe
Token: SeDebugPrivilege	3036	firefox.exe
Token: SeDebugPrivilege	3036	firefox.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
944	firefox.exe
1080	firefox.exe
1816	firefox.exe
4840	firefox.exe
1772	firefox.exe
904	firefox.exe
2256	firefox.exe
3036	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
944	firefox.exe
1080	firefox.exe
1816	firefox.exe
4840	firefox.exe
1772	firefox.exe
904	firefox.exe
2256	firefox.exe
3036	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 636	4704	4.29-2_timeout_onexe.exe	81
PID 4704 wrote to memory of 636	4704	4.29-2_timeout_onexe.exe	81
PID 636 wrote to memory of 3396	636	4.29-2_timeout_onexe.exe	82
PID 636 wrote to memory of 3396	636	4.29-2_timeout_onexe.exe	82
PID 636 wrote to memory of 2296	636	4.29-2_timeout_onexe.exe	83
PID 636 wrote to memory of 2296	636	4.29-2_timeout_onexe.exe	83
PID 3396 wrote to memory of 4972	3396	cmd.exe	84
PID 3396 wrote to memory of 4972	3396	cmd.exe	84
PID 636 wrote to memory of 4768	636	4.29-2_timeout_onexe.exe	85
PID 636 wrote to memory of 4768	636	4.29-2_timeout_onexe.exe	85
PID 4768 wrote to memory of 4580	4768	geckodriver.exe	86
PID 4768 wrote to memory of 4580	4768	geckodriver.exe	86
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 4580 wrote to memory of 944	4580	firefox.exe	87
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88
PID 944 wrote to memory of 2456	944	firefox.exe	88

C:\Users\Admin\AppData\Local\Temp\4.29-2_timeout_onexe.exe
"C:\Users\Admin\AppData\Local\Temp\4.29-2_timeout_onexe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Users\Admin\AppData\Local\Temp\4.29-2_timeout_onexe.exe
  "C:\Users\Admin\AppData\Local\Temp\4.29-2_timeout_onexe.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Tor\tor.exe
      "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
      4⤵
      Executes dropped EXE
      PID:4972
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2296
- - C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe --port 50004 --websocket-port 50005
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZxX53m
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZxX53m
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        Checks processor information in registry
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="944.0.84037243\984730866" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {c2de2a6e-6f54-433a-a334-b3ba1e619a95} 944 gpu
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="944.1.287359302\985520692" -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 1376 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {a6567ff2-68e3-48f9-9b59-5b20b4fef82f} 944 tab
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="944.2.1028618780\234015322" -childID 2 -isForBrowser -prefsHandle 3084 -prefMapHandle 3080 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {552a2fa6-a56a-4db4-bf98-ebbaf4e678fb} 944 tab
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="944.3.370259069\2049606838" -childID 3 -isForBrowser -prefsHandle 3304 -prefMapHandle 3504 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {6b5aa0ed-180d-4c97-817c-e08419a8793e} 944 tab
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="944.4.1154121421\510088268" -childID 4 -isForBrowser -prefsHandle 3504 -prefMapHandle 3132 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {9f1f389e-a450-4c1a-b383-0f1494160ba1} 944 tab
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="944.5.1457044910\1172754178" -childID 5 -isForBrowser -prefsHandle 3916 -prefMapHandle 3920 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {d8d0ef3d-9760-43f7-b708-5249c2b760e8} 944 tab
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="944.6.877785987\1811449449" -childID 6 -isForBrowser -prefsHandle 3700 -prefMapHandle 3172 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {2d848229-a61f-4ab8-b57a-851e7e674f81} 944 tab
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1340
- - C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe --port 50004 --websocket-port 50005
    3⤵
    - Executes dropped EXE
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw
      4⤵
      Executes dropped EXE
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw
        5⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Checks processor information in registry
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1080.0.412703065\1356513764" -parentBuildID 20240416150000 -prefsHandle 1736 -prefMapHandle 1612 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {e0daddb4-2f78-4640-9b5c-ab8e774b9903} 1080 gpu
        6⤵
        Executes dropped EXE
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1080.1.380478788\1701030376" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {0f1eb7f4-0ee2-44be-b925-99fbfc73be57} 1080 tab
        6⤵
        Executes dropped EXE
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1080.2.721494646\702412519" -childID 2 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {9883c194-ff0b-45ce-a231-ca2c9494b652} 1080 tab
        6⤵
        Executes dropped EXE
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1080.3.27313808\1045004953" -childID 3 -isForBrowser -prefsHandle 3496 -prefMapHandle 3524 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {1261e251-ae9d-48da-9bc2-81ca958bdf00} 1080 tab
        6⤵
        Executes dropped EXE
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1080.4.1023850827\34451165" -childID 4 -isForBrowser -prefsHandle 3824 -prefMapHandle 3828 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {d00af7a1-5d73-456f-8983-a5617b560b11} 1080 tab
        6⤵
        Executes dropped EXE
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1080.5.225898249\1776462117" -childID 5 -isForBrowser -prefsHandle 4008 -prefMapHandle 4004 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {c52755fa-3622-4a65-800e-265a5d41f87d} 1080 tab
        6⤵
        Executes dropped EXE
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1080.6.795429331\446818557" -childID 6 -isForBrowser -prefsHandle 3988 -prefMapHandle 3992 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {7bce6727-5a05-49d4-a60d-d171eed25071} 1080 tab
        6⤵
        Executes dropped EXE
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1080.7.125907809\27568175" -childID 7 -isForBrowser -prefsHandle 4180 -prefMapHandle 4176 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {10540b05-c378-4f10-860d-658d492f6b35} 1080 tab
        6⤵
        Executes dropped EXE
        
        PID:2260
- - C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe --port 50004 --websocket-port 50005
    3⤵
    - Executes dropped EXE
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef3Q65b
      4⤵
      Executes dropped EXE
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef3Q65b
        5⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Checks processor information in registry
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1816.0.690782992\487850198" -parentBuildID 20240416150000 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {217ca28c-c513-48f2-ae42-e414061f73a0} 1816 gpu
        6⤵
        Executes dropped EXE
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1816.1.1951045130\1084407359" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2744 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {81dc7048-2040-426f-85cd-652b0290305c} 1816 tab
        6⤵
        Executes dropped EXE
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1816.2.273568626\1923832154" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {150492c3-833e-4b92-9fb1-ecb6edaee358} 1816 tab
        6⤵
        Executes dropped EXE
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1816.3.752028429\414959502" -childID 3 -isForBrowser -prefsHandle 3272 -prefMapHandle 3080 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {548616c8-c098-4a88-aeed-6c4eebdf893b} 1816 tab
        6⤵
        Executes dropped EXE
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1816.4.876855510\1708525993" -childID 4 -isForBrowser -prefsHandle 3464 -prefMapHandle 3472 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {cbde44e0-7ce5-4c40-ad32-84fbbd21fc4c} 1816 tab
        6⤵
        Executes dropped EXE
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1816.5.788325385\185323030" -childID 5 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {bcff6ed8-490f-4e5f-9b96-6d4fc6e35311} 1816 tab
        6⤵
        Executes dropped EXE
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1816.6.246235975\1302305283" -childID 6 -isForBrowser -prefsHandle 4124 -prefMapHandle 4128 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {9df14fe1-d42e-4777-8bff-d8add56b20ce} 1816 tab
        6⤵
        Executes dropped EXE
        
        PID:4856
- - C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe --port 50004 --websocket-port 50005
    3⤵
    - Executes dropped EXE
    PID:964
  - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4SYH9
      4⤵
      Executes dropped EXE
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4SYH9
        5⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Checks processor information in registry
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.0.1774393434\548169456" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {3ac90e03-9c50-4c1c-9bad-9d8fd74de332} 4840 gpu
        6⤵
        Executes dropped EXE
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.1.1126131272\2096577099" -childID 1 -isForBrowser -prefsHandle 2864 -prefMapHandle 2688 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {0ad830ba-6647-41b3-8794-3f556c0bd5f5} 4840 tab
        6⤵
        Executes dropped EXE
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.2.1536553590\550151347" -childID 2 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {fa9d9429-bcbb-4b55-a900-cfdc47808a0d} 4840 tab
        6⤵
        Executes dropped EXE
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.3.1916658046\380845998" -childID 3 -isForBrowser -prefsHandle 3660 -prefMapHandle 3664 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {2d4865da-7861-49ea-8e55-5885c1c47af4} 4840 tab
        6⤵
        Executes dropped EXE
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.4.2626737\1502300576" -childID 4 -isForBrowser -prefsHandle 3172 -prefMapHandle 3168 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {a712613e-f9e3-473a-a7ad-80e677f0f7eb} 4840 tab
        6⤵
        Executes dropped EXE
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.5.1632120223\172417517" -childID 5 -isForBrowser -prefsHandle 4040 -prefMapHandle 4036 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {47fe16a5-8bb1-40ea-bba4-c56b1513539f} 4840 tab
        6⤵
        Executes dropped EXE
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.6.1953702902\900710613" -childID 6 -isForBrowser -prefsHandle 4092 -prefMapHandle 4052 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {c382afe4-5458-4994-95bd-264ff1dd14e7} 4840 tab
        6⤵
        Executes dropped EXE
        
        PID:3108
- - C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe --port 50004 --websocket-port 50005
    3⤵
    - Executes dropped EXE
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaz1Tj5
      4⤵
      Executes dropped EXE
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaz1Tj5
        5⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Checks processor information in registry
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1772.0.412939753\603554322" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {6536213e-3e1d-4e70-a317-754a287e3155} 1772 gpu
        6⤵
        Executes dropped EXE
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1772.1.188949520\1597398164" -childID 1 -isForBrowser -prefsHandle 2760 -prefMapHandle 2828 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {abf92b3a-0096-4393-97d2-5bf3ccc7d76b} 1772 tab
        6⤵
        Executes dropped EXE
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1772.2.1000967240\1693760308" -childID 2 -isForBrowser -prefsHandle 2292 -prefMapHandle 2284 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {a57787fb-f37b-4783-889a-5cb0a447bc02} 1772 tab
        6⤵
        Executes dropped EXE
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1772.3.1078429414\788435179" -childID 3 -isForBrowser -prefsHandle 3100 -prefMapHandle 3088 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {3d91685c-4f35-4e77-9866-6e2ea1fafe80} 1772 tab
        6⤵
        Executes dropped EXE
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1772.4.1111487804\723003132" -childID 4 -isForBrowser -prefsHandle 3780 -prefMapHandle 3768 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {6371cc49-ff6f-4d9c-80c2-d80a015f9168} 1772 tab
        6⤵
        Executes dropped EXE
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1772.5.1718931747\1148201174" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {b5e8fac2-64b7-4559-9acb-d0bf0dbdbac5} 1772 tab
        6⤵
        Executes dropped EXE
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1772.6.195603240\1231129187" -childID 6 -isForBrowser -prefsHandle 3984 -prefMapHandle 3988 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {8a9c585b-f256-4be4-aba7-811a6a0580a8} 1772 tab
        6⤵
        Executes dropped EXE
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1772.7.284947040\453073842" -childID 7 -isForBrowser -prefsHandle 4472 -prefMapHandle 4476 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {5aa12651-ed49-48a6-9f40-3fc1e34647d6} 1772 tab
        6⤵
        Executes dropped EXE
        
        PID:2984
- - C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe --port 50004 --websocket-port 50005
    3⤵
    - Executes dropped EXE
    PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUxx0IP
      4⤵
      Executes dropped EXE
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUxx0IP
        5⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Checks processor information in registry
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.0.1741161374\1564304585" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {93a66701-1fe0-4613-b2ec-2c310e48d3f2} 904 gpu
        6⤵
        Executes dropped EXE
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.1.1645355235\1300654477" -childID 1 -isForBrowser -prefsHandle 2544 -prefMapHandle 2572 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {4ca686b5-b074-4d01-a056-00c0650c53a9} 904 tab
        6⤵
        Executes dropped EXE
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.2.1985639671\1315804875" -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {7f8180c5-c199-4488-ada5-52acf0a93f51} 904 tab
        6⤵
        Executes dropped EXE
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.3.1073981805\1147025005" -childID 3 -isForBrowser -prefsHandle 2232 -prefMapHandle 3592 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {996c27b6-0de8-44fb-81b4-23ee8059bd28} 904 tab
        6⤵
        Executes dropped EXE
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.4.1851828266\364241015" -childID 4 -isForBrowser -prefsHandle 3160 -prefMapHandle 3184 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {93de4c69-5931-44a5-8949-e0e3c509153e} 904 tab
        6⤵
        Executes dropped EXE
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.5.1020116898\2094607291" -childID 5 -isForBrowser -prefsHandle 3916 -prefMapHandle 3912 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {016a95a0-6202-40d6-87ef-e3e48debd1d5} 904 tab
        6⤵
        Executes dropped EXE
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.6.1406712182\1217749023" -childID 6 -isForBrowser -prefsHandle 4072 -prefMapHandle 4076 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {1ea621c4-2567-47f1-b627-f8e3155c49b4} 904 tab
        6⤵
        Executes dropped EXE
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.7.536374334\932407292" -childID 7 -isForBrowser -prefsHandle 4544 -prefMapHandle 4540 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {71af7f64-4e3c-4e22-a433-07d8834fa918} 904 tab
        6⤵
        Executes dropped EXE
        
        PID:4000
- - C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe --port 50004 --websocket-port 50005
    3⤵
    PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerBy2fJ
      4⤵
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerBy2fJ
        5⤵
        Checks whether UAC is enabled
        Checks processor information in registry
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.0.1154298278\1193817545" -parentBuildID 20240416150000 -prefsHandle 1608 -prefMapHandle 1664 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {2590df22-48f2-410b-a26d-deb198c95271} 2256 gpu
        6⤵
        
        PID:200
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.1.890748804\1945930804" -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 2808 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {1c83132f-57e8-4496-8660-b044e4d38de7} 2256 tab
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.2.849232592\1409890516" -childID 2 -isForBrowser -prefsHandle 2976 -prefMapHandle 2896 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {27d3bf29-9163-4867-bd73-c3d0b245494e} 2256 tab
        6⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.3.59239022\1963687892" -childID 3 -isForBrowser -prefsHandle 3560 -prefMapHandle 3576 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {4bc3af7b-72f9-4f02-9255-423bf6cabfd8} 2256 tab
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.4.2007896901\1916224085" -childID 4 -isForBrowser -prefsHandle 3560 -prefMapHandle 3644 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {2deeeee3-1c4f-458b-9645-4ebf8f8c7fac} 2256 tab
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.5.1860740623\1772564574" -childID 5 -isForBrowser -prefsHandle 3136 -prefMapHandle 3924 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {00f732de-0b42-4ff7-822b-ab38d4626950} 2256 tab
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.6.1206441062\616032598" -childID 6 -isForBrowser -prefsHandle 3980 -prefMapHandle 3988 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {1cb9fc6a-c639-4299-ac53-dce289fc0aa3} 2256 tab
        6⤵
        
        PID:3884
- - C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe --port 50004 --websocket-port 50005
    3⤵
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2FpoVp
      4⤵
      PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50005 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2FpoVp
        5⤵
        Checks whether UAC is enabled
        Checks processor information in registry
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.0.687102982\1896819297" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {63d8039a-a29d-4d43-9f15-de922df751f2} 3036 gpu
        6⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.1.1810616851\1068666516" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2608 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {aa4750a0-f50e-4a35-8a2a-a8cc86649e36} 3036 tab
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.2.1287759835\714306900" -childID 2 -isForBrowser -prefsHandle 3048 -prefMapHandle 3060 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {811e5ee3-4558-48bf-9cb7-1ea51101d070} 3036 tab
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.3.324044390\1244445921" -childID 3 -isForBrowser -prefsHandle 3284 -prefMapHandle 3076 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {a12ca2fb-c1cc-408a-8cae-631b3c844b13} 3036 tab
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.4.1765586891\1659153887" -childID 4 -isForBrowser -prefsHandle 3344 -prefMapHandle 3076 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {5ee42993-897f-4013-b456-5dcb94cc4821} 3036 tab
        6⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.5.248598958\1880675189" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {8b61dbfe-836b-4e98-8a7a-dcc64b235944} 3036 tab
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.6.2070468410\666280651" -childID 6 -isForBrowser -prefsHandle 4100 -prefMapHandle 4104 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {c8e5d428-241d-4626-9fae-338a6a567890} 3036 tab
        6⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.7.925350294\782457310" -childID 7 -isForBrowser -prefsHandle 4776 -prefMapHandle 4812 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {8753fbce-b18a-4fc8-9cdd-e0260b91f051} 3036 tab
        6⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.8.396210968\1097900374" -childID 8 -isForBrowser -prefsHandle 6972 -prefMapHandle 4940 -prefsLen 25411 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {73c0ca0f-c177-4438-a885-e222b51832e3} 3036 tab
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.9.1739011679\615172679" -childID 9 -isForBrowser -prefsHandle 4272 -prefMapHandle 7084 -prefsLen 25411 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {22cc5893-aab1-478c-985a-6bac55c47ba5} 3036 tab
        6⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe" -contentproc --channel="3036.10.1085411265\1560195781" -childID 10 -isForBrowser -prefsHandle 4076 -prefMapHandle 4328 -prefsLen 25411 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\browser" - {41ff3495-b085-41d4-9d8f-591d08d77008} 3036 tab
        6⤵
        
        PID:3436
- - C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe --port 50004 --websocket-port 50005
    3⤵
    PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

Filesize
3KB

MD5
85de06e3d4c6f39404776f3c7162c59b

SHA1
3e4b8ecebaa9c903d220ee23d367be8e8ba27619

SHA256
33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a

SHA512
6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

Filesize
268B

MD5
e50a617598b0f635e6f9ae4a9d445b78

SHA1
a372ec393dd6271bd00cf02f894152887765da8b

SHA256
c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5

SHA512
e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

Filesize
875B

MD5
26dd091069531a62061de8ca1c56d46b

SHA1
6c9daa73f096174f28f86c9bb245cb8a540f5c2d

SHA256
2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a

SHA512
180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

Filesize
256KB

MD5
2ec530a71bdac21f299f9ddb823be222

SHA1
5425aaf19c0832cda06be506e88f2435f432d287

SHA256
ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3

SHA512
94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

Filesize
96KB

MD5
5caa766855d5613a999f71b7812d6451

SHA1
ad0d9a52a0d5cc7f11858301dbe47377ed99ee37

SHA256
3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27

SHA512
17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

Filesize
1KB

MD5
d2e8aceaa00ad916618bea2eee81aedf

SHA1
28b26f0db0b4b2504a418983089795761c56e4a1

SHA256
fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622

SHA512
b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
27KB

MD5
e2e8f9cf938f81b1185086b12c5c9d90

SHA1
b67c857a7002b3262f09ffc9fa8524c58a01e5b9

SHA256
a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2

SHA512
3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

Filesize
5.0MB

MD5
0351b833a5c095852e821535974441c8

SHA1
bcbf5c294852c2d80af7862d19791b994aea7706

SHA256
dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef

SHA512
3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

Filesize
410B

MD5
e7a65c5ead519a7b802f991353c26d3d

SHA1
34cc3c1cf9bd4912dba5fa422010934e46419fa3

SHA256
0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2

SHA512
2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

Filesize
5.0MB

MD5
2eeb46e1c58ff1cce4ac2d4d725b2cc6

SHA1
89aa36e77e51da31fbbfd682a2acc91f6016d275

SHA256
e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a

SHA512
23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
8565a303ddc83b03f8662b034597de18

SHA1
ce6453779eb52055599ddba097a95ab82512ae5b

SHA256
b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd

SHA512
2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

Filesize
348B

MD5
b6d7fc9b6ebc5f46500acc52bf6c9808

SHA1
4fd8111c436d89b83890e98b4cb7d0343e568340

SHA256
2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974

SHA512
7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

Filesize
241B

MD5
48fcad918c62db97e9af1dba1d131473

SHA1
d89381594d3241b0e645033f67572a5d8c166764

SHA256
dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c

SHA512
2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

Filesize
4KB

MD5
7f2754df6a4a580b15910f449892766d

SHA1
9dcaad98563ed89781f53941cbc43db5454de7f5

SHA256
d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654

SHA512
25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

Filesize
107B

MD5
2c740091198dcf20b9c600791e2bcc3c

SHA1
dd6f376ba9139ddec20ece64da0760054133db96

SHA256
e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59

SHA512
a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

Filesize
48KB

MD5
cbb1daad9fc48ab13e35fcd3621a5999

SHA1
0eec8ece735465aea259f8223762f93fb13a97a0

SHA256
8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da

SHA512
818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

Filesize
128KB

MD5
d277f533f1d77e26d09bb66764bbeea6

SHA1
082920ebe7dfb870cf94a99fc601fd5ae8b456ee

SHA256
3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3

SHA512
510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

Filesize
36B

MD5
7abc816e004d9ed0f292770cfa8876cb

SHA1
4a1eeb702543f0819ef7c64b9f3bfd53be292106

SHA256
2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e

SHA512
9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
152KB

MD5
ecb1dedf5ef99417494e424ca42eb67f

SHA1
e2a293cbba50c6624e75cdaffe472967f3961023

SHA256
cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be

SHA512
5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

Filesize
50B

MD5
797325af481a14ae243f10d5f24b4a0d

SHA1
718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1

SHA256
1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1

SHA512
ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

Filesize
96KB

MD5
41c22c9f81a84b1b0e5ee7ec2ff7c545

SHA1
d12424cba9e4e9124bf3f15e556c562b95c9b6a3

SHA256
4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f

SHA512
8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\TorBrowser\Tor\tor.exe

Filesize
8.6MB

MD5
47539d0337e97e22a728afc2638d461f

SHA1
d97b37079543b33b9b605c787945f809aed66fd6

SHA256
262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5

SHA512
3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
65aa9b0f57d72e4d70e9226322221adc

SHA1
85fec174d0977afd8c0100c9d9b53c958e1949bf

SHA256
51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410

SHA512
f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\_bz2.pyd

Filesize
85KB

MD5
a49c5f406456b79254eb65d015b81088

SHA1
cfc2a2a89c63df52947af3610e4d9b8999399c91

SHA256
ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced

SHA512
bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\_ctypes.pyd

Filesize
124KB

MD5
291a0a9b63bae00a4222a6df71a22023

SHA1
7a6a2aad634ec30e8edb2d2d8d0895c708d84551

SHA256
820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324

SHA512
d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\_hashlib.pyd

Filesize
46KB

MD5
5e5af52f42eaf007e3ac73fd2211f048

SHA1
1a981e66ab5b03f4a74a6bac6227cd45df78010b

SHA256
a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b

SHA512
bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\_lzma.pyd

Filesize
159KB

MD5
cf9fd17b1706f3044a8f74f6d398d5f1

SHA1
c5cd0debbde042445b9722a676ff36a0ac3959ad

SHA256
9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4

SHA512
5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\_queue.pyd

Filesize
28KB

MD5
dd146e2fa08302496b15118bf47703cf

SHA1
d06813e2fcb30cbb00bb3893f30c2661686cf4b7

SHA256
67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051

SHA512
5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\_socket.pyd

Filesize
78KB

MD5
4827652de133c83fa1cae839b361856c

SHA1
182f9a04bdc42766cfd5fb352f2cb22e5c26665e

SHA256
87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba

SHA512
8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\_ssl.pyd

Filesize
152KB

MD5
d4dfd8c2894670e9f8d6302c09997300

SHA1
c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e

SHA256
0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0

SHA512
1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\base_library.zip

Filesize
824KB

MD5
09f7062e078379845347034c2a63943e

SHA1
9683dd8ef7d72101674850f3db0e05c14039d5fd

SHA256
7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629

SHA512
a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\geckodriver.exe

Filesize
4.2MB

MD5
f60c542253cbe94f762e15c7b064b55d

SHA1
7a32f034217266db6d799893edc976e891a82944

SHA256
989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa

SHA512
1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\lgpllibs.dll

Filesize
43KB

MD5
726abf1280adf3129481b94b2bc644c4

SHA1
404f69e71296f2d199535e8a6d9fb56707fcbc5f

SHA256
8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a

SHA512
160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\libcrypto-1_1.dll

Filesize
3.2MB

MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\libssl-1_1.dll

Filesize
674KB

MD5
50bcfb04328fec1a22c31c0e39286470

SHA1
3a1b78faf34125c7b8d684419fa715c367db3daa

SHA256
fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

SHA512
370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\mozavutil.dll

Filesize
276KB

MD5
4ecbb73d44518fc2b601a1ac9a38dcad

SHA1
f7c96e85d5b32af8efb784e75164ec4f0c6f4f10

SHA256
7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52

SHA512
12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\mozglue.dll

Filesize
1.4MB

MD5
3e4d1ec1d2a6e85593459601b5a0a828

SHA1
92ee422285282dcb170cbc7808299d14d8d27963

SHA256
eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5

SHA512
4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\nss3.dll

Filesize
2.5MB

MD5
71747091d34cc634b9ad3c360b45b0a9

SHA1
111cf483836f6a392f64bc9398a327be1c43dfc8

SHA256
6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf

SHA512
b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\opentrends.txt

Filesize
2KB

MD5
592f3cb2474d8ee082f0f95d5c1b8f5f

SHA1
90a8901af916bae9e32d3c76783269ff5e8390a0

SHA256
2b7e362060d1f86e8e847f1b247d3ced4b89482e0d66e96958a4ea3898851e46

SHA512
1b418674d4e61db176eacb7190e04f974d985127a8ee59e9cb15d8b1f6d8403fd2682020cc33964672f2cef54328149ca6129faedc407f77d6fcd27b8327485b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\pyexpat.pyd

Filesize
187KB

MD5
2ae23047648257afa90d0ca96811979f

SHA1
0833cf7ccae477faa4656c74d593d0f59844cadd

SHA256
5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95

SHA512
13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\python38.dll

Filesize
4.0MB

MD5
26ba25d468a778d37f1a24f4514d9814

SHA1
b64fe169690557656ede3ae50d3c5a197fea6013

SHA256
2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128

SHA512
80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\select.pyd

Filesize
27KB

MD5
e21cff76db11c1066fd96af86332b640

SHA1
e78ef7075c479b1d218132d89bf4bec13d54c06a

SHA256
fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28

SHA512
e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47042\unicodedata.pyd

Filesize
1.0MB

MD5
601aee84e12b87ca66826dfc7ca57231

SHA1
3a7812433ca7d443d4494446a9ced24b6774ceca

SHA256
d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762

SHA512
7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2FpoVp\broadcast-listeners.json

Filesize
209B

MD5
97c3738563a9448365a735f5f29ed3d5

SHA1
15a81433236ca6e6ecc4e1c8d0fdb8523b265c57

SHA256
63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24

SHA512
ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2FpoVp\prefs-1.js

Filesize
10KB

MD5
47bcc9b2bdf14c1466dbaa010b9efb93

SHA1
d8f294518b9000b0cb5cd69b22e3376355f9ed49

SHA256
1d1429a53e694ef7cbed3a6ada7ee434c623454099f9f0500a33f66f0cf78509

SHA512
f6ec42e9e54f95a2aa024b86f8f9bbedb0c13cbbf06545dab02521f347fc1031aee94e52e8d1d07d80ec34fb0b67d761ff0abd06e8618df8b650b54b6d26a678

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2FpoVp\prefs-1.js

Filesize
10KB

MD5
79a1e1be0498be1c8324f034d7336330

SHA1
2aa00aa51829b3f727500584eb515a6437389db8

SHA256
224ef17cb48948f084ae7048b246fc4cadbfed9f9cacf42f9be6a398529077dd

SHA512
3e5d4cef083560682c3ba4aa3b0039ed95e28dffa57406ea63738058b82a1d8dfc5f2f90b86da9454f4283245966551a930ff1141660cefcc9da67e312d3553e

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw\extension-preferences.json

Filesize
1KB

MD5
b4298c9a240d6b7b63346daf94013802

SHA1
9ce98168437854b51b198c16186c05129f0c273b

SHA256
e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5

SHA512
545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw\prefs-1.js

Filesize
10KB

MD5
c50a1ec13990aa53a86a03d99c151f7a

SHA1
892eb53838f439018926e38b09667f0e9782fae4

SHA256
d22254df60e63272e416ae37f8f9e736ec0fd680ff535e794c56450b13104ed1

SHA512
1d60a2bcd47c3bad0770f0080075c4abe5305607f16275df5a37536c36b95c9d8c7f74e4dd7b89d36a95ffd8c129c6593392e7f422342697fab91bcbcbf280d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw\prefs-1.js

Filesize
10KB

MD5
2b716c34a18f3dbb1b68af46f2c86ac6

SHA1
dd44f01390ee19798ebbe12fdc3683deb093fdf1

SHA256
8013dc219280fb62fc6fbbe72f5834ba3771e85706bc2b5d1b80ecab34677dd4

SHA512
073394dcb8d4b9b997a1990d352c243cc4c0d4b75a33f127a17844436de3af1d8bdb1687d1f45b3f798315e16e942c152df4827e73be780a92bf06871e9e240f

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw\prefs-1.js

Filesize
7KB

MD5
fc905e9be545c76ed135ca7bd6fc4f6b

SHA1
6d0558ea20b7aef46d8d8d083942dfc12cb0a404

SHA256
7a2684ff8ccf109e5d3934afbe415207a915001c38411a86aa3418cf0745fcac

SHA512
cbbe827c99abe8ac419744840b59c01e5440d4758c35dbf501cc82f57c488ff25f652185edbe89e53f249c7df512ff40873d329100eb7a99dafc15c4f3bffa2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw\startupCache\webext.sc.lz4

Filesize
110KB

MD5
03af3e65964d8769774cba4dc93c169a

SHA1
d448a15ddbe0130118425d5be499a2a375fe2b43

SHA256
a56f42ea468227cc4b07203d5bbb304f68955071f81cbafdda414ccbef9a4475

SHA512
79e39313b3021e20a9400f3d97316e88979094fc13993e0f0b865ec986c2a3d61fdb4fbe78e1f653bcff092201c2560a2bca24d203628991975edc9804d0f13c

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6G4pDw\xulstore.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUxx0IP\prefs.js

Filesize
10KB

MD5
1700c5ab8252b641ac1481e20d6e2a61

SHA1
4b591cd5a7951ef105268f7f790d1c69b0b7e723

SHA256
6574c959c64cb9b7e72cd5110312bd92c00ff0d657a042cb654da5710d5bf0ff

SHA512
a91911d8fbb79a7b581506a4b0984ef6a20644312641dba61984027c4b9c03a17525254401af16f763ada6fd4f3a48a1b5e02eda37e41e0abb7e1f58f0038b5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZxX53m\extensions.json

Filesize
27KB

MD5
ca651cd3af583610a17068c468fbb8b3

SHA1
250ac2dc1fb3e770f285fe3aa0179ed85d52c751

SHA256
063965e4834b3495f696c19d4a6c3914951e9595bc9b30356503e634edb1f4b9

SHA512
03897b3a9bddf4bb2ed423c6546aada53d7df85e3c79796c61f9ca16c4380f7ec61ae997daa6063a8d6a4c7116c269b559b26c71983103f506f1b37bd5f3b750

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZxX53m\prefs-1.js

Filesize
10KB

MD5
912e14e205d68e987af6b6ad12288433

SHA1
116b3cfa36bd8d9e71f23ffcac4a1eec869cbe56

SHA256
4c862e476c1d4e7421d721ecd1d167930d600900d277df0bb3a885da07c7c32b

SHA512
302fd4674480b849bd8ad4aebc1f34f5e60d8844e47172a3ca19d5c4f7b3c5805c1fe1d6e1c1a45305a51fd8fc0cd42861532e65433c973e5c76f3c17e213223

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZxX53m\prefs.js

Filesize
10KB

MD5
10c05fc055ccbf1b9a97dd141e9f1a3b

SHA1
ddbc63079c23b7da348cedd6866c47f070343bf5

SHA256
d337bbe9d41d15385091ec4585b114989c26c80be06bc1e5d72d96c32c2aa699

SHA512
adaeac0e2668c70e717c8718737310e1a8ac46e3bbdc88ec0e40625d09008d2144ab7fa5f7173f5753d6ea7d990f60c2c451ff469979bfed7e8ec29625919b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaz1Tj5\WebDriverBiDiServer.json

Filesize
48B

MD5
2c91fd42813a762babcc2615f86267b3

SHA1
767c82d6d6117ce01c70c22212f4b1c5a90b5aff

SHA256
47b03723fb60c336b20919c228e78402ed487987f6715e5d7f3903a517e075fb

SHA512
642464b685bdecbeedcbd5cfbb1af084d9938369dd90154b7bcc73a647ab14a556249fb9b2c0bc5242aa459f5928d4060758290deac0f2c795832d4800eac5ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaz1Tj5\compatibility.ini

Filesize
294B

MD5
569800bbbd74ea13c3311b59c64d91bf

SHA1
a8787e134f4bf2ca943e9bcc0dd8299542e6c582

SHA256
539cbe40500f6b112e673b3ef1f9812189aa971845924b6f3a4373970dc7241a

SHA512
a64db29f063845af39b48ed2520a89dae33f7b24e64d90d87f5c401d16a9354f98ebb5872589641111b909928cdb9418c5b310420342056c67ba784e7d0b3f0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaz1Tj5\content-prefs.sqlite

Filesize
256KB

MD5
b15425d1f21f5708184e35493e63c8a1

SHA1
e944c1fdf56a3f6a5150b77980e89d48c7b57be2

SHA256
7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0

SHA512
6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaz1Tj5\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaz1Tj5\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaz1Tj5\prefs-1.js

Filesize
10KB

MD5
f1f85cd2dd1af87ab69a0311bc3c0f0d

SHA1
977eb26281f636404c2bee002d0d1523889760d6

SHA256
579aaaf0321ad2fc3b6dfdf2f50053ab3e4c79c733dcf5f3d0542a588c5dff2b

SHA512
a435968ef98827183a85a6967a409833e3411bc2c5723950dc9ed078161ad3ce6edf765f05ba3c8ff49631c855540db0fac089de086f697047d3a1ad8f84e7b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaz1Tj5\storage-sync-v2.sqlite

Filesize
32KB

MD5
bff4d6361e4126d963ab7dffdc7550ce

SHA1
e2660c2f00b0aef4a81972c6a6093935d5aa40d5

SHA256
ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2

SHA512
8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaz1Tj5\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

Filesize
48KB

MD5
2b90d193e2aa2da768595b5ad633e977

SHA1
d6f31a54d98392a0201242a70fa73461b5b819d5

SHA256
9583d92b6a4ec59e033ccef10898d05e36167a56bae30e321d397af097eb5cba

SHA512
cba92c2cddfaf2bf633cd069754eb87d39f748ec5086dff6599f7986fbae7c8af0726c55ad77862cf6616e688e3add221ffb3ef5e571b2a7a9cdb818aab15fb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef3Q65b\prefs.js

Filesize
10KB

MD5
12260dae8226a609a3e027927241c9c7

SHA1
bc6020ffc3107e9ce7db841984ec7764a6dd665c

SHA256
22001219c0b1e53d74b101de466f71f9667f0cfb56aefb1910d6a45b453a4431

SHA512
e9e523c268f8e86f72cc74722a3a08bc98dc316144ee3f4b5c4a7bfd6bbb37c560a5483a30196166fd3741c3f7c4d2b72593f56d5d879ae019086b9a2d8e74ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef3Q65b\prefs.js

Filesize
10KB

MD5
3fe999cef2a4053dd9495b4ecbad13f7

SHA1
7e9175a3da32e3790799b65204b3ff746d29b295

SHA256
9fd7f6eb57d02714dc494283ced4ee3aa850cbc888d4ef51fd866d0b21b3ae18

SHA512
6733d5a603a3c33af7f6d5f7fe48c1f54fc385d2476c550ac16d531d158271bbba7c9d4b76486b3b46aee02d04b3bd6b75e2ae3867bb2568af8bdfca3f4d369b

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef3Q65b\sessionCheckpoints.json

Filesize
181B

MD5
2d87ba02e79c11351c1d478b06ca9b29

SHA1
4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1

SHA256
16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524

SHA512
be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef3Q65b\startupCache\scriptCache-child-new.bin

Filesize
104KB

MD5
f5d1636ce3602881a361d6b4ef15f97c

SHA1
6976e01e8f57aefc8a626d3b8967aa3a056930f9

SHA256
01565f73663b891f84d82db21727226d9d0c622d3a43af33a0aa332ebf56d27c

SHA512
fb0525447422216487f6b2cd6911a831af358f5d8fe97742db91541085e230841bb8a70460ebe29de85fd34020ccf4fd510719fad646338431203f23a14ea0bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef3Q65b\user.js

Filesize
10B

MD5
c12c9f2051ec5c382b2a9dd030d2d188

SHA1
242b06ad1e61ec39c133b3d01daac00c8347df59

SHA256
cc20e30fe3e536df77dde49d370eea21da567da71a78ee041d0901966960ab6d

SHA512
adf5f6967126defd34780dc2c5c98dc1fdff2d6ef3e218d98acd79873ebe7c0c8077ff1e984ebcc8a16f172e03cb684f9ebdf1c7e7b833f75f536525c7d413da

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerBy2fJ\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerBy2fJ\prefs-1.js

Filesize
10KB

MD5
7ebff2897ffd80d95184ba622de767f2

SHA1
0ebbba7e6b720612fad3c9694455b5e7e409a44a

SHA256
bd754f0b9c6572709e192cf392d568869c4461fbc2d57094d99ce32738167886

SHA512
0743f16a6f7413ce7ead4e0e23f2a3473a03e647464d12b2cd66da5ded1909f28eb69e352f350977ea01ba67c417d3f2db59b151a834a62b34ed55db1bc67aaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerBy2fJ\startupCache\scriptCache-new.bin

Filesize
9.3MB

MD5
29449e158f20ee28801086167693a41e

SHA1
bce34e46a21da434ee8b60847af1c68647639909

SHA256
53eb922d68f4fde53a3f182053050ca674c5823a84347bc44ead4b2a80a8db54

SHA512
3c2ea007ce8eeaaf328fd4b7ba1d4334ce98f36b14dd240c5a79bab3b14098935238ae8b734684716403657304d7590d72f4a15decf1ac44afddc4e57b5374be

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4SYH9\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4SYH9\prefs-1.js

Filesize
10KB

MD5
539da4240f0b833b7875531c973c8760

SHA1
ed5bff8e5e5f554d968b321fdb0d0c14502f25df

SHA256
7d24907d79dbb536547f005522700223739e16f29c89a695369f46d1bee09e15

SHA512
8bef460ed5540fe462f8a8c593c6ff29fac932a3c90f0c2e01e20dacea2ef1e9f03415085a34decfe29fe9402fb850878ef50acfa7bddfbf8febed965751fef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpyl83dfnu\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

Filesize
2.4MB

MD5
b2f887a23d13c1d89b6da1def352d4fe

SHA1
51f0fc924b6cb3160c1f53fb4eeec22790807713

SHA256
2fc7ca768215db831cefcd2f305ee4de53a5af49605673180ff76b8f9d5f0b05

SHA512
12eef111f65a016163f85a58c267a92706e5c63574629cfd00a7013ccb386b92f13b3b1ed9f857fb90069257c51b3291d60d7ca73fdad56f90b4c63b0e5c052e

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
6.3MB

MD5
6ace33a1b864825eaafeb58fa04252de

SHA1
ddd81b01a94d0dc379072de03fd767fba7e80edf

SHA256
ef6dea4298c6d56fec43fa28472ce4f59fd3fab6ed15ea8c8ab28f9dbaad60a8

SHA512
3843ab51a8f060062653e787ffddb8e7c7438a73ce34719551d108a64dba32d38ad7bceface4403d1697d3e67f666a3d2994840c68b290a24b7dc10077503449

Download Submit
memory/944-599-0x0000022C3BEE0000-0x0000022C3C050000-memory.dmp

Filesize
1.4MB

Download
memory/944-539-0x0000022C404C0000-0x0000022C404D0000-memory.dmp

Filesize
64KB

Download
memory/1760-490-0x00007FFBD10B0000-0x00007FFBD10B1000-memory.dmp

Filesize
4KB

Download
memory/1760-491-0x00007FFBD1310000-0x00007FFBD1311000-memory.dmp

Filesize
4KB

Download
memory/1816-1147-0x000001E3FE270000-0x000001E3FE280000-memory.dmp

Filesize
64KB

Download
memory/4840-1414-0x00000276225A0000-0x00000276225B0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads