Analysis Overview
SHA256
335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb
Threat Level: Shows suspicious behavior
The file medium.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Checks whether UAC is enabled
Unsigned PE
Enumerates physical storage devices
Detects Pyinstaller
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 00:49
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 00:47
Reported
2024-05-09 00:59
Platform
win10-20240404-en
Max time kernel
294s
Max time network
313s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\medium.exe
"C:\Users\Admin\AppData\Local\Temp\medium.exe"
C:\Users\Admin\AppData\Local\Temp\medium.exe
"C:\Users\Admin\AppData\Local\Temp\medium.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe --port 50031 --websocket-port 50032
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezJ5Iqs
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezJ5Iqs
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.0.1595657673\1581619920" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {c4df6b52-7280-4ef5-953f-9b0b60564a65} 4420 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.1.1970975042\838514657" -childID 1 -isForBrowser -prefsHandle 2284 -prefMapHandle 2300 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {4c7a2568-729f-4289-a545-473b73fd17cd} 4420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.2.2074687790\1804031033" -childID 2 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {4a93589e-f37f-47a9-8ddb-cabaa6e09784} 4420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.3.100672917\1131284978" -childID 3 -isForBrowser -prefsHandle 3200 -prefMapHandle 3212 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {9a623049-6afb-4f60-9508-84dfcf381561} 4420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.4.1326603831\2028456383" -childID 4 -isForBrowser -prefsHandle 3240 -prefMapHandle 1360 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {4c44fc5b-482a-420c-a2bd-ca7bf4347d04} 4420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.5.1651824187\1271388784" -childID 5 -isForBrowser -prefsHandle 3800 -prefMapHandle 3804 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {309a9ce8-1734-4d51-b504-b86777a1956b} 4420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.6.1901540712\1969050833" -childID 6 -isForBrowser -prefsHandle 4048 -prefMapHandle 4044 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {b4c43833-af9a-4c64-9f13-f28a0870d1c0} 4420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.7.929732500\798663589" -childID 7 -isForBrowser -prefsHandle 4336 -prefMapHandle 2992 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {ee13eb8e-8330-4983-881d-4051e39da39e} 4420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe --port 50031 --websocket-port 50032
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.0.1761924575\559381538" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1384 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {6b0fd846-d5b7-47e0-ab97-b5dce7e44ef8} 4604 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.1.1933408269\1657245765" -childID 1 -isForBrowser -prefsHandle 2548 -prefMapHandle 2120 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {0e5f1f81-42c4-4cf4-a658-5d8119cfc4f1} 4604 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.2.1294183132\119371080" -childID 2 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {5294d11a-7f9f-4a2a-a354-babf75a3733e} 4604 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.3.1073688790\511847703" -childID 3 -isForBrowser -prefsHandle 3544 -prefMapHandle 2964 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {536940a1-734e-4dd9-be80-3bd8ebb930f5} 4604 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.4.1391498712\2099871471" -childID 4 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {c6ff206a-0e5f-4635-beb4-f61aeb6e36fd} 4604 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.5.1878019440\2002755647" -childID 5 -isForBrowser -prefsHandle 3780 -prefMapHandle 3784 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {a259eb82-6536-4859-a1f7-985bc922caa4} 4604 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.6.906855643\327984882" -childID 6 -isForBrowser -prefsHandle 3984 -prefMapHandle 3988 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {e689668d-aa6e-452f-be4e-8867f3162ea8} 4604 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe --port 50031 --websocket-port 50032
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.0.787542504\2117112804" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {4343f974-6726-482c-8137-679384250b5b} 4408 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.1.2135893892\1784234809" -childID 1 -isForBrowser -prefsHandle 2476 -prefMapHandle 2388 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {92c8546a-8e0d-430b-a445-20e6deff90f3} 4408 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.2.1368338855\1786488142" -childID 2 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {62f636c9-76c0-4c6f-8a50-1fb99a078fdc} 4408 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.3.1731612133\754290052" -childID 3 -isForBrowser -prefsHandle 3000 -prefMapHandle 3004 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {dc754aef-312f-4d1b-b17a-d648dcfaa02f} 4408 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.4.1605365986\1959574833" -childID 4 -isForBrowser -prefsHandle 1356 -prefMapHandle 1348 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {9614316e-28fd-40f4-b4d5-6475d7ac3351} 4408 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.5.1106111881\21559840" -childID 5 -isForBrowser -prefsHandle 3788 -prefMapHandle 3792 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {64e10dda-423d-4a86-a05a-15d8d7b36e9a} 4408 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.6.1465756110\1003316717" -childID 6 -isForBrowser -prefsHandle 3964 -prefMapHandle 3968 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {154373bf-d19e-418f-9493-012f0e5a4711} 4408 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.7.379136237\943424819" -childID 7 -isForBrowser -prefsHandle 4468 -prefMapHandle 4456 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {b2610d88-61e0-4075-8709-ce0fb9d35c17} 4408 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.8.2027311699\241694263" -childID 8 -isForBrowser -prefsHandle 8472 -prefMapHandle 8476 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {d3352c5d-c2e9-41e2-b0ed-ae45ca4fc6b4} 4408 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.9.1910969622\488557380" -childID 9 -isForBrowser -prefsHandle 8348 -prefMapHandle 8344 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {fd4322a6-a1da-41d4-b0d1-b0a1e4ebbf32} 4408 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.10.70868800\1303082400" -parentBuildID 20240416150000 -prefsHandle 3316 -prefMapHandle 8096 -prefsLen 27451 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {957fb6b1-f46b-4e2d-b963-c38844ce261e} 4408 rdd
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.11.695787663\2016467494" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 8248 -prefMapHandle 8112 -prefsLen 27451 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {e0aed959-498b-4572-9836-f1b677f49a69} 4408 utility
C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe --port 50031 --websocket-port 50032
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.0.158924286\1143800926" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {828cd57d-764a-42fa-bd46-cb875d6cb7dc} 436 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.1.1036918295\2086409700" -childID 1 -isForBrowser -prefsHandle 2520 -prefMapHandle 2536 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {8cbbb39e-40b8-472b-9c5c-4777aad3d9a4} 436 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.2.654818997\1227092361" -childID 2 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {1353ca01-614e-4576-8c4a-c8429c627d39} 436 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.3.2006814689\853731029" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3432 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {856d7447-a722-4418-bd08-ebbcad659bf7} 436 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.4.1492353684\552837468" -childID 4 -isForBrowser -prefsHandle 3260 -prefMapHandle 3592 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {69a7aed2-6fc5-4c54-a642-aa4633c2d24a} 436 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.5.651455128\1626652056" -childID 5 -isForBrowser -prefsHandle 3808 -prefMapHandle 3812 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {918ec8bd-1deb-4930-96ac-5bb03b4aba7d} 436 tab
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.6.1829546109\1876877369" -childID 6 -isForBrowser -prefsHandle 3896 -prefMapHandle 3900 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {0cc4f206-31a6-4c2f-9dce-09cf4c5f007e} 436 tab
Network
| Country | Destination | Domain | Proto |
| FR | 144.24.197.112:1984 | tcp | |
| US | 8.8.8.8:53 | 112.197.24.144.in-addr.arpa | udp |
| FR | 62.210.123.24:443 | tcp | |
| DE | 162.55.131.67:9100 | tcp | |
| US | 8.8.8.8:53 | 24.123.210.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.131.55.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:50134 | tcp | |
| N/A | 127.0.0.1:50138 | tcp | |
| N/A | 127.0.0.1:50031 | tcp | |
| N/A | 127.0.0.1:50031 | tcp | |
| N/A | 127.0.0.1:50239 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50247 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50031 | tcp | |
| N/A | 127.0.0.1:50031 | tcp | |
| N/A | 127.0.0.1:50031 | tcp | |
| N/A | 127.0.0.1:50562 | tcp | |
| N/A | 127.0.0.1:50570 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50031 | tcp | |
| N/A | 127.0.0.1:50031 | tcp | |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 127.0.0.1:50031 | tcp | |
| N/A | 127.0.0.1:50811 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50819 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:50031 | tcp | |
| N/A | 127.0.0.1:50031 | tcp | |
| N/A | 127.0.0.1:50031 | tcp | |
| N/A | 127.0.0.1:51189 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:51197 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI39082\python38.dll
| MD5 | 305f8ecac261934543c5215f16e6afdd |
| SHA1 | 3920f757f7d3d2c2cd97ce5adcecbcf218873984 |
| SHA256 | 0b75e5e7d45c7d19d5a280e5c3cd296e2601cf378c37174df257e915d4ee244d |
| SHA512 | 9e64641cd7440ee3b3e07ac6aa536a22f9b0bc3684c26ce48462d1f180f0afa692a7f4608174199d91f9dd5665ef49ffafdd1d12d6605f4a896089262d31ef56 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\base_library.zip
| MD5 | 09f7062e078379845347034c2a63943e |
| SHA1 | 9683dd8ef7d72101674850f3db0e05c14039d5fd |
| SHA256 | 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629 |
| SHA512 | a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34 |
\Users\Admin\AppData\Local\Temp\_MEI39082\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\_queue.pyd
| MD5 | dd146e2fa08302496b15118bf47703cf |
| SHA1 | d06813e2fcb30cbb00bb3893f30c2661686cf4b7 |
| SHA256 | 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051 |
| SHA512 | 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c |
\Users\Admin\AppData\Local\Temp\_MEI39082\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
| MD5 | cbb1daad9fc48ab13e35fcd3621a5999 |
| SHA1 | 0eec8ece735465aea259f8223762f93fb13a97a0 |
| SHA256 | 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da |
| SHA512 | 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | 47539d0337e97e22a728afc2638d461f |
| SHA1 | d97b37079543b33b9b605c787945f809aed66fd6 |
| SHA256 | 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5 |
| SHA512 | 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
| MD5 | 41c22c9f81a84b1b0e5ee7ec2ff7c545 |
| SHA1 | d12424cba9e4e9124bf3f15e556c562b95c9b6a3 |
| SHA256 | 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f |
| SHA512 | 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
| MD5 | 797325af481a14ae243f10d5f24b4a0d |
| SHA1 | 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1 |
| SHA256 | 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1 |
| SHA512 | ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
| MD5 | 7f2754df6a4a580b15910f449892766d |
| SHA1 | 9dcaad98563ed89781f53941cbc43db5454de7f5 |
| SHA256 | d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654 |
| SHA512 | 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ecb1dedf5ef99417494e424ca42eb67f |
| SHA1 | e2a293cbba50c6624e75cdaffe472967f3961023 |
| SHA256 | cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be |
| SHA512 | 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
| MD5 | 7abc816e004d9ed0f292770cfa8876cb |
| SHA1 | 4a1eeb702543f0819ef7c64b9f3bfd53be292106 |
| SHA256 | 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e |
| SHA512 | 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
| MD5 | d277f533f1d77e26d09bb66764bbeea6 |
| SHA1 | 082920ebe7dfb870cf94a99fc601fd5ae8b456ee |
| SHA256 | 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3 |
| SHA512 | 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe
| MD5 | 0c5db0eb17c8d3d150f83fe1f6f1cdac |
| SHA1 | c4ec34bd1ddfa10b7f9573bd8b78e2156df072a9 |
| SHA256 | 12fc60109b5babb7220ae9b1ba044c03362c14571ddbc0cdbf862b9cf099b716 |
| SHA512 | 5a7312adc507ac1c59ae543d06a943f01214b7e417e9f992beea3a3b782480c8806e42afa96e8eb66ce394a2b6b47052260ed0b509d08e7db0a64f493e85aee7 |
\Users\Admin\AppData\Local\Temp\_MEI39082\unicodedata.pyd
| MD5 | 601aee84e12b87ca66826dfc7ca57231 |
| SHA1 | 3a7812433ca7d443d4494446a9ced24b6774ceca |
| SHA256 | d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762 |
| SHA512 | 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
| MD5 | 2c740091198dcf20b9c600791e2bcc3c |
| SHA1 | dd6f376ba9139ddec20ece64da0760054133db96 |
| SHA256 | e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59 |
| SHA512 | a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
| MD5 | 48fcad918c62db97e9af1dba1d131473 |
| SHA1 | d89381594d3241b0e645033f67572a5d8c166764 |
| SHA256 | dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c |
| SHA512 | 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
| MD5 | b6d7fc9b6ebc5f46500acc52bf6c9808 |
| SHA1 | 4fd8111c436d89b83890e98b4cb7d0343e568340 |
| SHA256 | 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974 |
| SHA512 | 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 8565a303ddc83b03f8662b034597de18 |
| SHA1 | ce6453779eb52055599ddba097a95ab82512ae5b |
| SHA256 | b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd |
| SHA512 | 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
| MD5 | 2eeb46e1c58ff1cce4ac2d4d725b2cc6 |
| SHA1 | 89aa36e77e51da31fbbfd682a2acc91f6016d275 |
| SHA256 | e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a |
| SHA512 | 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
| MD5 | e7a65c5ead519a7b802f991353c26d3d |
| SHA1 | 34cc3c1cf9bd4912dba5fa422010934e46419fa3 |
| SHA256 | 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2 |
| SHA512 | 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
| MD5 | cef7e290b89aea3372d2ca019c5ed6a1 |
| SHA1 | 2def39d23c90ec7099b0ae7fe160b82505dac63b |
| SHA256 | f2c482fe41b468e670ca6b93c3be99e805a8f65ddfa5b24a47266876b6ddfc2a |
| SHA512 | c905b7ce4e3e9c67d8453d225f5f54e224ce151816723f8f44cd3ddd0ce3d9d69e024d00a37d8cb33817f381273e478097eb68121794b7c67666b13da5c60018 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | e2e8f9cf938f81b1185086b12c5c9d90 |
| SHA1 | b67c857a7002b3262f09ffc9fa8524c58a01e5b9 |
| SHA256 | a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2 |
| SHA512 | 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f |
C:\Users\Admin\AppData\Local\Temp\tmpm0lwzh6b\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
| MD5 | d2e8aceaa00ad916618bea2eee81aedf |
| SHA1 | 28b26f0db0b4b2504a418983089795761c56e4a1 |
| SHA256 | fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622 |
| SHA512 | b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
| MD5 | 2ec530a71bdac21f299f9ddb823be222 |
| SHA1 | 5425aaf19c0832cda06be506e88f2435f432d287 |
| SHA256 | ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3 |
| SHA512 | 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
| MD5 | 26dd091069531a62061de8ca1c56d46b |
| SHA1 | 6c9daa73f096174f28f86c9bb245cb8a540f5c2d |
| SHA256 | 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a |
| SHA512 | 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
| MD5 | e50a617598b0f635e6f9ae4a9d445b78 |
| SHA1 | a372ec393dd6271bd00cf02f894152887765da8b |
| SHA256 | c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5 |
| SHA512 | e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
| MD5 | 85de06e3d4c6f39404776f3c7162c59b |
| SHA1 | 3e4b8ecebaa9c903d220ee23d367be8e8ba27619 |
| SHA256 | 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a |
| SHA512 | 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963 |
\Users\Admin\AppData\Local\Temp\_MEI39082\_ssl.pyd
| MD5 | d4dfd8c2894670e9f8d6302c09997300 |
| SHA1 | c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e |
| SHA256 | 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0 |
| SHA512 | 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048 |
C:\Users\Admin\AppData\Local\Temp\tmpm0lwzh6b\webdriver-py-profilecopy\places.sqlite
| MD5 | 53979ab0bb6af588eafd096e7ddec628 |
| SHA1 | 6a8efe246b23c243d93d8f020b21cc2d49c81816 |
| SHA256 | a0b39a28c4af2db84121332570441aabd2ff293b19e5728424686f0dc87454c7 |
| SHA512 | 3107d390f3588bdae429d05b7c6a3afc5d037cd7957a1b11a59ce493781a7e140a3df0cb8bd1183e6b762dc7254d0448f36673d448d109440920c8d0c664086c |
C:\Users\Admin\AppData\Local\Temp\tmpm0lwzh6b\webdriver-py-profilecopy\favicons.sqlite
| MD5 | 58ebb9739e0ca39fcde0bb33c50ae5dd |
| SHA1 | faf095fcda0ec55c0449f0cc4c120cf3c159b202 |
| SHA256 | 572835e9a494ab80d43311dc7cc848edc999a0dd8cea8aa71ba348cfbf277541 |
| SHA512 | 1fb48a48b55985784bf201d27207573e3a3b8f8bb39506e8c414149dd9ca79fbc46cee84d7253ee56c3cc71bdb2659a5a923cec0a984bcee0a507c74a595effa |
\Users\Admin\AppData\Local\Temp\_MEI39082\select.pyd
| MD5 | e21cff76db11c1066fd96af86332b640 |
| SHA1 | e78ef7075c479b1d218132d89bf4bec13d54c06a |
| SHA256 | fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28 |
| SHA512 | e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f |
\Users\Admin\AppData\Local\Temp\_MEI39082\_socket.pyd
| MD5 | 4827652de133c83fa1cae839b361856c |
| SHA1 | 182f9a04bdc42766cfd5fb352f2cb22e5c26665e |
| SHA256 | 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba |
| SHA512 | 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a |
\Users\Admin\AppData\Local\Temp\_MEI39082\libcrypto-1_1.dll
| MD5 | 78f7f01391d3b2e4449b299512a2506d |
| SHA1 | a282b3b8b05d886a3a936550c4ef81c519f875ba |
| SHA256 | 657dcbfe240b176f6306055c4631ed9c1567b08fdbef44bf739ac2d3a3afa392 |
| SHA512 | 12ed0f3a92248fa3621eaa7d9c103c11fe1efb13465a6fbb5579e6774ecdd8dff9852e16c5463fb7e5d2d439307291481620a104e772738e23a44281b49e1ddb |
\Users\Admin\AppData\Local\Temp\_MEI39082\_hashlib.pyd
| MD5 | 5e5af52f42eaf007e3ac73fd2211f048 |
| SHA1 | 1a981e66ab5b03f4a74a6bac6227cd45df78010b |
| SHA256 | a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b |
| SHA512 | bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
| MD5 | 65aa9b0f57d72e4d70e9226322221adc |
| SHA1 | 85fec174d0977afd8c0100c9d9b53c958e1949bf |
| SHA256 | 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410 |
| SHA512 | f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\top-1m.csv
| MD5 | bde8be24d19b6f197ca175d49f57a2dd |
| SHA1 | 2b14d577ab3ed746b2a67db0bc01dfdcb67ba07e |
| SHA256 | 6e656f6cbdf9f7958807acf42e5dc8ff9d3c35f47e76b4c4a096cf1a0f64ca5e |
| SHA512 | 0133386681d09db3c25c12bc1dca9054a6ac4b9aa019e0073460416961185c566e83b10ccc623ae088163a6eaeb5156d9095e72e374081bc63a18b76fdb75923 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\pyexpat.pyd
| MD5 | 2ae23047648257afa90d0ca96811979f |
| SHA1 | 0833cf7ccae477faa4656c74d593d0f59844cadd |
| SHA256 | 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95 |
| SHA512 | 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\nss3.dll
| MD5 | fd012b8e98a8a2ca935c5bfd8583ed72 |
| SHA1 | 3dd493a8c536cd5fdd0aa387488435fb342835dd |
| SHA256 | 19096ce19fc9d4144638bf2b0b2b02fb29e5f01cc85b9099c82a693349ae1d35 |
| SHA512 | f476139139cc770d0aceefbc687ed6a2397dff2ee7d255fd1432169ff3f29e94f337a2f2b0c6cd96887cdeb7a7ccf586b30b07d652de90850535e6379dc22f52 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\mozglue.dll
| MD5 | 3e4d1ec1d2a6e85593459601b5a0a828 |
| SHA1 | 92ee422285282dcb170cbc7808299d14d8d27963 |
| SHA256 | eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5 |
| SHA512 | 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\mozavutil.dll
| MD5 | 4ecbb73d44518fc2b601a1ac9a38dcad |
| SHA1 | f7c96e85d5b32af8efb784e75164ec4f0c6f4f10 |
| SHA256 | 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52 |
| SHA512 | 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp
| MD5 | d262b8dc568b34fa0a37e37335db737a |
| SHA1 | 477338dfa2a841eaadcdeadb210ed0e9e419241f |
| SHA256 | b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed |
| SHA512 | ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI39082\_lzma.pyd
| MD5 | cf9fd17b1706f3044a8f74f6d398d5f1 |
| SHA1 | c5cd0debbde042445b9722a676ff36a0ac3959ad |
| SHA256 | 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4 |
| SHA512 | 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a |
\Users\Admin\AppData\Local\Temp\_MEI39082\_bz2.pyd
| MD5 | a49c5f406456b79254eb65d015b81088 |
| SHA1 | cfc2a2a89c63df52947af3610e4d9b8999399c91 |
| SHA256 | ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced |
| SHA512 | bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae |
\Users\Admin\AppData\Local\Temp\_MEI39082\_ctypes.pyd
| MD5 | 291a0a9b63bae00a4222a6df71a22023 |
| SHA1 | 7a6a2aad634ec30e8edb2d2d8d0895c708d84551 |
| SHA256 | 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324 |
| SHA512 | d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09 |
\Users\Admin\AppData\Local\Temp\_MEI39082\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
\Users\Admin\AppData\Local\Temp\_MEI39082\python38.dll
| MD5 | a2d1ef944a3b2ece9251bdd4528d71be |
| SHA1 | 5d422a39b769cddf186e36eba348a5382bb81ab2 |
| SHA256 | 59e24582777846f7b5eb952b08a2346801ae20674f0d18a65c0d415095b8e543 |
| SHA512 | abcfad3bb39d143bd56d350d83a4c9ded669504ab89e5d860862e04801e419cc96d8169d1df320a69a97f13ea6f919a34c68098c3d563cb9eccc6f7c9a978828 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezJ5Iqs\extensions.json
| MD5 | 5dbd14515bbcdb2b2cc0d957a66ef2b9 |
| SHA1 | f894a1b1e64062378195cd08d7df681b874ff7a9 |
| SHA256 | a0a4d21804194951df1af70af0034476c06533e2c78a8b01ba218d07a3b916c4 |
| SHA512 | 90ed6069487c448edb264ec76f1d3aec74ca1f965afafd5c2f27c6bb121360808b6c34002fc53b16b5133f6aabac9cc89c6bf94cbb4b32446e81eac2720cc84f |
memory/4420-540-0x000001CDB90D0000-0x000001CDB90E0000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | a2730c12ef735a2f8f6fa56a0137119b |
| SHA1 | f32ac0d66162a56916b95ec71bb0929c8468b119 |
| SHA256 | 364f617a211d690b41223b860ce140a36a43d225522155f4eec1956ab3a8b7a5 |
| SHA512 | c7068c90b8446463a0269f1c4bba7d0be94e36be0758ee8f619feae6130fb5ca90f4ba1ae2fd2dae406ceb08040e65fbbf461b0ee5213d214f6991f635475ec1 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezJ5Iqs\prefs-1.js
| MD5 | 5fb39406fb438a062eba12839b1431c7 |
| SHA1 | a6f989b2935c188847f6a6b13d463200f02b5933 |
| SHA256 | 0c6fd4f2229bbc1f692d7d9e1c80151408c0556cb04b6ff24dd26b8690b1d65b |
| SHA512 | 75b06e161cac83de4abed971dba75ba309d2085591b8b739f3dcb314ca8ff6dd62f1ab31431929e0669da1f3f0bb7276d5777eea73b1f470e0e34ab26eccda75 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezJ5Iqs\prefs-1.js
| MD5 | 1b2539972d585e9963c8553afe9fc107 |
| SHA1 | 8cc69522ced2c6423571135daa304f60bd4d7bef |
| SHA256 | b6efb3319c1b5f9f4c770a71d82826878204268daff7a6cb8290a2f7a88eb27c |
| SHA512 | c3459e26fd77a17c25de97d0ad69a1fa0e16363a4065fd78b0972d3b04ef7e54f571fffe19f605d906da6b165bbeaac91d399be43942e088d8c31cd5b1e37f1b |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
memory/4604-835-0x0000017F77690000-0x0000017F776A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\extension-preferences.json
| MD5 | b4298c9a240d6b7b63346daf94013802 |
| SHA1 | 9ce98168437854b51b198c16186c05129f0c273b |
| SHA256 | e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5 |
| SHA512 | 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\sessionCheckpoints.json
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\prefs-1.js
| MD5 | c403576e28735918cfa69e2a7cccc709 |
| SHA1 | 2040223f5469fcb8a161fb507c19435451e85653 |
| SHA256 | 5f78496d9b48e90c7da72347fa1097325beca31b2f644f1cef17176f2efd518e |
| SHA512 | 7814a9409dc8f0b39fce08b37d5d55dc5f267563dc6780b6fc55f1a139f36f55039c1387f534f64e8d443f70842a7c14fbb087a7254ea187a457a7a21bdf5c09 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\sessionCheckpoints.json
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\sessionCheckpoints.json
| MD5 | 2d87ba02e79c11351c1d478b06ca9b29 |
| SHA1 | 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1 |
| SHA256 | 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524 |
| SHA512 | be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\startupCache\webext.sc.lz4
| MD5 | 1b799cc5b6cf681cfa54d37c8ce8cb06 |
| SHA1 | 2f0fae44eb2fe74542df923e37f0c7e23a74fd17 |
| SHA256 | ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03 |
| SHA512 | 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\xulstore.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
memory/4604-916-0x0000017F6BBF0000-0x0000017F6BD60000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\user.js
| MD5 | 5aafcb2bd07f2a260ce21cdd58bfdc38 |
| SHA1 | e0c181e028c20d5eea62f57a0742c168f3c066d8 |
| SHA256 | 8408523fdb6a7da16676d8885d1c44b41af1e892fc455b232457a86c8cb807cc |
| SHA512 | 57232ea0d3fa1f40cdc9a3966c7a4bcb10e50d3b8b76cc67264bcf0250716848f872e96d0c49ef5bb75bbb0e2b72bd12b3fd656076a97e8ce769d484259ba743 |
memory/4408-1065-0x00000213B4780000-0x00000213B4790000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\datareporting\glean\db\data.safe.tmp
| MD5 | 7fba44cb533472c1e260d1f28892d86b |
| SHA1 | 727dce051fc511e000053952d568f77b538107bb |
| SHA256 | 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf |
| SHA512 | 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\startupCache\scriptCache-child-new.bin
| MD5 | 2724d7dd31542eea53805994d9290cd8 |
| SHA1 | 7b5d8536b060269d79848eaa6e2362333bc0f8ec |
| SHA256 | 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1 |
| SHA512 | 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0 |
memory/4408-1131-0x00000213ABDC0000-0x00000213ABDD0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\prefs-1.js
| MD5 | 8a27674ede190f80dba6334cd7cc5fbf |
| SHA1 | 4b68012d03841b8ed153a323b4a4ea8a242a7ef2 |
| SHA256 | 83fce9c662bf3529b7ad00cda46be8e71dd383ac40f8013af064abcd79389245 |
| SHA512 | 5d92210a521fb09be4f22a35011d30e604387625e1e5405a8362348457adeb177b4ba6c374c7f3c4fedd543bbe09282743ade676141912e0116954a428a98c7c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\broadcast-listeners.json
| MD5 | 97c3738563a9448365a735f5f29ed3d5 |
| SHA1 | 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57 |
| SHA256 | 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24 |
| SHA512 | ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\sessionCheckpoints.json.tmp
| MD5 | 29ce37dc02c78bbe2e5284d350fae004 |
| SHA1 | bab97d5908ea6592aef6b46cee1ded6f34693fa2 |
| SHA256 | 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693 |
| SHA512 | 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G\prefs-1.js
| MD5 | 1bece7d50bcb6dc983230816742b6644 |
| SHA1 | 065495abfc109af3e5e6fa53c14458baebcf2af9 |
| SHA256 | 7ac95995ae030238ea6d3cbf1b0d1da2427d33f77f076e2a8058b2ac91f78746 |
| SHA512 | 065b1047b634b66ac00a41f15db681f37d5ac9ff42ddecf7e0dbd830fbabdb94357b2cd74760c1a82fbdb54127ee13c842920aa6b224187377f9cabb6bce8f9c |
memory/436-1367-0x000002A2282A0000-0x000002A2282B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G\datareporting\glean\db\data.safe.tmp
| MD5 | c58234a092f9d899f0a623e28a4ab9db |
| SHA1 | 7398261b70453661c8b84df12e2bde7cbc07474b |
| SHA256 | eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c |
| SHA512 | ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G\prefs.js
| MD5 | f9404e84efc5c40ea840ffcd969b79a0 |
| SHA1 | 9614ac446ad555c42336d4664d71274cad5dcd1a |
| SHA256 | 9c7fbc74ac03e05805b4e904bfc934c523092d4c5a22d1e5f238f74645c59d65 |
| SHA512 | 47655274b961f84f8cbbf79cebb493b74b8b9e5047724f215e91ad302ea1b8fd7bd853ab14c8180e6057e48611e3b64313ce116d984b94ef6f7ba811d6309911 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G\prefs-1.js
| MD5 | 02e3f139faf0733078aedaf3badaf593 |
| SHA1 | 356ce2ac70ffc39ed750ac59bcf1fdb6fb901be8 |
| SHA256 | d5aa43ee7c662d2ee2d53e80015db3ece6b161e2cbd2468872fd8388c9bf0c84 |
| SHA512 | ef9b1c485f72df8f9e1bb2e5431e651b7f25c3502bf89b12bb38124c441e9268f78f12d3fc14ceea452e949edb2c7fdcdaf8e7dc23bb0aee90fbabe671977a17 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-09 00:47
Reported
2024-05-09 00:59
Platform
win7-20240221-en
Max time kernel
290s
Max time network
307s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\medium.exe
"C:\Users\Admin\AppData\Local\Temp\medium.exe"
C:\Users\Admin\AppData\Local\Temp\medium.exe
"C:\Users\Admin\AppData\Local\Temp\medium.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe --port 49467 --websocket-port 49468
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUqGw7V
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUqGw7V
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.0.876650180\1736432557" -parentBuildID 20240416150000 -prefsHandle 1240 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {1fd0899f-1731-47f4-b722-246f2b6a976c} 2832 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.1.1403696754\766619675" -childID 1 -isForBrowser -prefsHandle 2144 -prefMapHandle 1848 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {6bd55f2c-050e-4408-bab5-7486b6fd4b05} 2832 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.2.955549751\58059209" -childID 2 -isForBrowser -prefsHandle 2432 -prefMapHandle 2436 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {2a3b2eb4-d8a0-4f2e-a872-1ec2a7b63aa4} 2832 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.3.1236634389\241981072" -childID 3 -isForBrowser -prefsHandle 2624 -prefMapHandle 2628 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {39698b1f-7021-4789-82ba-1811fc08209d} 2832 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.4.1773549189\318622364" -childID 4 -isForBrowser -prefsHandle 2760 -prefMapHandle 2740 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {70e2c484-4c68-4fc1-8812-6babd14ded0b} 2832 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.5.1750631815\1390132751" -childID 5 -isForBrowser -prefsHandle 2928 -prefMapHandle 2932 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {7e43b7a2-9ed6-401a-a6b0-f45fb3e644dd} 2832 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.6.2071788780\305883405" -childID 6 -isForBrowser -prefsHandle 3084 -prefMapHandle 3088 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {3b6fa4fc-114c-4915-975c-e107f89e6bf1} 2832 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.7.1219592774\365436563" -childID 7 -isForBrowser -prefsHandle 3284 -prefMapHandle 2932 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {be97a13c-597c-4ab3-94da-d26bf76b94ca} 2832 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.8.783827990\1360612202" -parentBuildID 20240416150000 -prefsHandle 3672 -prefMapHandle 3692 -prefsLen 27558 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {ed7fc7d1-7b0a-48b7-919f-2ab0574f2a02} 2832 rdd
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.9.2117990605\1513303142" -childID 8 -isForBrowser -prefsHandle 3852 -prefMapHandle 3588 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {25a686ce-cb1d-4104-84b2-adbb5c44145a} 2832 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe --port 49467 --websocket-port 49468
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJOKjh
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJOKjh
C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe --port 49467 --websocket-port 49468
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.0.1617692935\861834056" -parentBuildID 20240416150000 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {e68d97f9-6db0-4bf5-81d7-16cd9e2593d9} 3108 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.1.1321784223\744008301" -childID 1 -isForBrowser -prefsHandle 1708 -prefMapHandle 2104 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {b8e3e906-de6d-4e45-9555-44b309bebb12} 3108 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.2.1814363179\1754532561" -childID 2 -isForBrowser -prefsHandle 2340 -prefMapHandle 2348 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {9fd47212-e5ec-401d-8c81-9beca97940ca} 3108 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.3.1958007551\2102887362" -childID 3 -isForBrowser -prefsHandle 2720 -prefMapHandle 2336 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {1b296654-bde3-4291-92ef-b31a9ac1da1c} 3108 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.4.1833407492\163634812" -childID 4 -isForBrowser -prefsHandle 2812 -prefMapHandle 1088 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {6c48b6f9-76a0-4e3f-aa95-d89e99b116c4} 3108 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.5.1237110439\1232016584" -childID 5 -isForBrowser -prefsHandle 2936 -prefMapHandle 2940 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {c2c6f1ad-d9cb-4578-9ee8-035e4ad395d7} 3108 tab
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.6.1382467240\274744218" -childID 6 -isForBrowser -prefsHandle 3100 -prefMapHandle 3104 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {94b7e37f-de89-485b-bd12-4fc95d7daa52} 3108 tab
Network
| Country | Destination | Domain | Proto |
| GB | 57.128.174.82:3333 | tcp | |
| DE | 176.9.38.121:9100 | tcp | |
| DE | 91.143.83.100:443 | tcp | |
| N/A | 127.0.0.1:49512 | tcp | |
| N/A | 127.0.0.1:49552 | tcp | |
| N/A | 127.0.0.1:49467 | tcp | |
| N/A | 127.0.0.1:49467 | tcp | |
| N/A | 127.0.0.1:49664 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:49699 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:49467 | tcp | |
| N/A | 127.0.0.1:49467 | tcp | |
| N/A | 127.0.0.1:49467 | tcp | |
| N/A | 127.0.0.1:49467 | tcp | |
| N/A | 127.0.0.1:49467 | tcp | |
| N/A | 127.0.0.1:49467 | tcp | |
| N/A | 127.0.0.1:50395 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50430 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI23202\python38.dll
| MD5 | 98519a6b1b8c3cad048f71453b1211e1 |
| SHA1 | b16056a5135e9b41af5dbb69042b106b27e33f3e |
| SHA256 | 45d6a5d807367599364c608dc062c6ec81def71f47c495f5d4f9eb15ad58d448 |
| SHA512 | 8e68a1a01154775326e44589b16ce99e777f6aa4f2844e9ec7763de8a55dd56b97fce30a6c7340f24c51fe4c969f78dc8c53b87face365b7f7e07ff7c6528092 |
\Users\Admin\AppData\Local\Temp\_MEI23202\python38.dll
| MD5 | a2d1ef944a3b2ece9251bdd4528d71be |
| SHA1 | 5d422a39b769cddf186e36eba348a5382bb81ab2 |
| SHA256 | 59e24582777846f7b5eb952b08a2346801ae20674f0d18a65c0d415095b8e543 |
| SHA512 | abcfad3bb39d143bd56d350d83a4c9ded669504ab89e5d860862e04801e419cc96d8169d1df320a69a97f13ea6f919a34c68098c3d563cb9eccc6f7c9a978828 |
\Users\Admin\AppData\Local\Temp\_MEI23202\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
\Users\Admin\AppData\Local\Temp\_MEI23202\_lzma.pyd
| MD5 | cf9fd17b1706f3044a8f74f6d398d5f1 |
| SHA1 | c5cd0debbde042445b9722a676ff36a0ac3959ad |
| SHA256 | 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4 |
| SHA512 | 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\mozavutil.dll
| MD5 | 4ecbb73d44518fc2b601a1ac9a38dcad |
| SHA1 | f7c96e85d5b32af8efb784e75164ec4f0c6f4f10 |
| SHA256 | 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52 |
| SHA512 | 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\libcrypto-1_1.dll
| MD5 | 89511df61678befa2f62f5025c8c8448 |
| SHA1 | df3961f833b4964f70fcf1c002d9fd7309f53ef8 |
| SHA256 | 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf |
| SHA512 | 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe
| MD5 | 877fd0975fbf37a578a6f91bf17ff89c |
| SHA1 | e8f17c51a254c5ab8fab086489b3ab1033e329f8 |
| SHA256 | ee2549b8bb4dcd7dbad32cdcfee35df711dbb0389a48f4226993fb2f05d0e106 |
| SHA512 | 18fda4d15be520a33438a257f3c2508c99720031b8d61c4d42105ba37dc55b86e4d9a93c2e25665fafe4acfd17ad255f0422ec47f6116314b0c4b15944a86f61 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\_ssl.pyd
| MD5 | d4dfd8c2894670e9f8d6302c09997300 |
| SHA1 | c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e |
| SHA256 | 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0 |
| SHA512 | 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048 |
\Users\Admin\AppData\Local\Temp\_MEI23202\libcrypto-1_1.dll
| MD5 | 9745a302ba079a1da099ca5bb2d29e67 |
| SHA1 | 1180e5767cd3a3db0b482c351fb3b0731c79139d |
| SHA256 | c3a6a2661986fea8dfadf20fa682ae75a7f779e8465742079d37a2d7a2152380 |
| SHA512 | dd2ab9d7cfd10f4b1228910a2db481060f2352fba78b95d193b915b2ef601aff421f662b7c446717ff4a279299b5c319ac74ad16d1493fd9f026602dfa748de4 |
\Users\Admin\AppData\Local\Temp\_MEI23202\_hashlib.pyd
| MD5 | 5e5af52f42eaf007e3ac73fd2211f048 |
| SHA1 | 1a981e66ab5b03f4a74a6bac6227cd45df78010b |
| SHA256 | a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b |
| SHA512 | bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd |
\Users\Admin\AppData\Local\Temp\_MEI23202\select.pyd
| MD5 | e21cff76db11c1066fd96af86332b640 |
| SHA1 | e78ef7075c479b1d218132d89bf4bec13d54c06a |
| SHA256 | fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28 |
| SHA512 | e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f |
\Users\Admin\AppData\Local\Temp\_MEI23202\_socket.pyd
| MD5 | 4827652de133c83fa1cae839b361856c |
| SHA1 | 182f9a04bdc42766cfd5fb352f2cb22e5c26665e |
| SHA256 | 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba |
| SHA512 | 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a |
\Users\Admin\AppData\Local\Temp\_MEI23202\_queue.pyd
| MD5 | dd146e2fa08302496b15118bf47703cf |
| SHA1 | d06813e2fcb30cbb00bb3893f30c2661686cf4b7 |
| SHA256 | 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051 |
| SHA512 | 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | f3f55cfed1db00a7ca5b252c8da9daa6 |
| SHA1 | 7d701244151349bee2e580e2b791b1fc47d0f402 |
| SHA256 | 630c7cb6f3d4fb4710faa84302294565a60a1ba723d331cc3002bf73f8d0431c |
| SHA512 | de13880db5aa19cc11562eed00bbf6109d21f1ab0825c97d10c35ce4044e1eebbf7b9fe47a712546cbf129fd75e33cc1f92656742194f01e8dfe652eda1e6f9b |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
| MD5 | 86f78270d33684e7d6e0064174e4a4ce |
| SHA1 | f5dad63848bd72f57b7cef3a6c5b3d3f862e8f79 |
| SHA256 | 5b5ff53489a2b6fedcc1ae624cdb6d9d9a8d57e667c09f56914717c137815680 |
| SHA512 | 4e5d1a30c4029b78e09bd2ae133b3c0102d870a62eb759a957159c44c5765928931adb926afabfb73e02c6e72dcc7b6bc5be248a19330c3cc675d3953866e567 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
| MD5 | 41c22c9f81a84b1b0e5ee7ec2ff7c545 |
| SHA1 | d12424cba9e4e9124bf3f15e556c562b95c9b6a3 |
| SHA256 | 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f |
| SHA512 | 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
| MD5 | 797325af481a14ae243f10d5f24b4a0d |
| SHA1 | 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1 |
| SHA256 | 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1 |
| SHA512 | ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
| MD5 | 7f2754df6a4a580b15910f449892766d |
| SHA1 | 9dcaad98563ed89781f53941cbc43db5454de7f5 |
| SHA256 | d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654 |
| SHA512 | 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ecb1dedf5ef99417494e424ca42eb67f |
| SHA1 | e2a293cbba50c6624e75cdaffe472967f3961023 |
| SHA256 | cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be |
| SHA512 | 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
| MD5 | 7abc816e004d9ed0f292770cfa8876cb |
| SHA1 | 4a1eeb702543f0819ef7c64b9f3bfd53be292106 |
| SHA256 | 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e |
| SHA512 | 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
| MD5 | d277f533f1d77e26d09bb66764bbeea6 |
| SHA1 | 082920ebe7dfb870cf94a99fc601fd5ae8b456ee |
| SHA256 | 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3 |
| SHA512 | 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
| MD5 | cbb1daad9fc48ab13e35fcd3621a5999 |
| SHA1 | 0eec8ece735465aea259f8223762f93fb13a97a0 |
| SHA256 | 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da |
| SHA512 | 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
| MD5 | 2c740091198dcf20b9c600791e2bcc3c |
| SHA1 | dd6f376ba9139ddec20ece64da0760054133db96 |
| SHA256 | e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59 |
| SHA512 | a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
| MD5 | 48fcad918c62db97e9af1dba1d131473 |
| SHA1 | d89381594d3241b0e645033f67572a5d8c166764 |
| SHA256 | dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c |
| SHA512 | 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
| MD5 | b6d7fc9b6ebc5f46500acc52bf6c9808 |
| SHA1 | 4fd8111c436d89b83890e98b4cb7d0343e568340 |
| SHA256 | 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974 |
| SHA512 | 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 8565a303ddc83b03f8662b034597de18 |
| SHA1 | ce6453779eb52055599ddba097a95ab82512ae5b |
| SHA256 | b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd |
| SHA512 | 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
| MD5 | bffaf246d2b317dda1107fccc0262705 |
| SHA1 | 15c79bbb177ab1a81a270a3de4974be8e0c1f34b |
| SHA256 | c3553ebe48de214eab889d6f14f35d045da203f3dc78dfb2092cc6fd33165a2b |
| SHA512 | 5b29c5d3d30628e0f0bd34e749a29363fae01023633e8f496c653fb557c9c09933876f2542b1969e285683d37abeb394b42eaf0b1c0a15e64310effa2db0da3a |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
| MD5 | e7a65c5ead519a7b802f991353c26d3d |
| SHA1 | 34cc3c1cf9bd4912dba5fa422010934e46419fa3 |
| SHA256 | 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2 |
| SHA512 | 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d |
\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe
| MD5 | 0c5db0eb17c8d3d150f83fe1f6f1cdac |
| SHA1 | c4ec34bd1ddfa10b7f9573bd8b78e2156df072a9 |
| SHA256 | 12fc60109b5babb7220ae9b1ba044c03362c14571ddbc0cdbf862b9cf099b716 |
| SHA512 | 5a7312adc507ac1c59ae543d06a943f01214b7e417e9f992beea3a3b782480c8806e42afa96e8eb66ce394a2b6b47052260ed0b509d08e7db0a64f493e85aee7 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | e2e8f9cf938f81b1185086b12c5c9d90 |
| SHA1 | b67c857a7002b3262f09ffc9fa8524c58a01e5b9 |
| SHA256 | a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2 |
| SHA512 | 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f |
C:\Users\Admin\AppData\Local\Temp\tmp2ksam8ct\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | 99e05b86c897bbc2a33698d443d918c7 |
| SHA1 | 54b10038ed0559b7e8b9f3d115702e7ddf1662e5 |
| SHA256 | 1fe298050cf93ccc745b1bef4dc34436f49f35429d5c418b3900d5a1f0d7ec01 |
| SHA512 | fa4052a39d0cb28ffe750d2ec42dacec6c0837d72cf9715d74a20083fd2086f61acbbca53b453ba591f357cde536c2688d31b94f6b739a4596b03e30c310b47c |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
| MD5 | d2e8aceaa00ad916618bea2eee81aedf |
| SHA1 | 28b26f0db0b4b2504a418983089795761c56e4a1 |
| SHA256 | fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622 |
| SHA512 | b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
| MD5 | 2ec530a71bdac21f299f9ddb823be222 |
| SHA1 | 5425aaf19c0832cda06be506e88f2435f432d287 |
| SHA256 | ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3 |
| SHA512 | 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
| MD5 | 26dd091069531a62061de8ca1c56d46b |
| SHA1 | 6c9daa73f096174f28f86c9bb245cb8a540f5c2d |
| SHA256 | 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a |
| SHA512 | 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
| MD5 | e50a617598b0f635e6f9ae4a9d445b78 |
| SHA1 | a372ec393dd6271bd00cf02f894152887765da8b |
| SHA256 | c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5 |
| SHA512 | e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
| MD5 | 85de06e3d4c6f39404776f3c7162c59b |
| SHA1 | 3e4b8ecebaa9c903d220ee23d367be8e8ba27619 |
| SHA256 | 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a |
| SHA512 | 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963 |
\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | 03e2510e66fa7eb48f43e359f5a21fa1 |
| SHA1 | d72c6ad44bb13efc50622bcb4991f132f3062fbb |
| SHA256 | e11dcae1fb4da440922faaed3b29302f128209e34db10a627ed407c91d891a98 |
| SHA512 | 28d600811f378fb8a9cb126f560893a285d62fe8c3fb9dd86110af7c7ee2d1b440f923949099d7503fd7c78f1270341c78ceda43ab9fa4c6a2481062fc57d573 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\unicodedata.pyd
| MD5 | 74f0f14027b885ef241534fa196562c4 |
| SHA1 | ce3b7da95afcc5d5a1ba98b3559838fd5c590ad4 |
| SHA256 | 0699d54b62a6af51ba3066d2234cdd0993888e96e508f6601bbc072c5ed850c5 |
| SHA512 | 44e53181dbf565f374ffe66f8963d2e48733325df23fd0d4e3d4ecc23a7dcbebc5553a8aba83e918a59263c43a29d2873f252249e43d20525def232fdff0ac18 |
C:\Users\Admin\AppData\Local\Temp\tmp2ksam8ct\webdriver-py-profilecopy\favicons.sqlite
| MD5 | cef7e290b89aea3372d2ca019c5ed6a1 |
| SHA1 | 2def39d23c90ec7099b0ae7fe160b82505dac63b |
| SHA256 | f2c482fe41b468e670ca6b93c3be99e805a8f65ddfa5b24a47266876b6ddfc2a |
| SHA512 | c905b7ce4e3e9c67d8453d225f5f54e224ce151816723f8f44cd3ddd0ce3d9d69e024d00a37d8cb33817f381273e478097eb68121794b7c67666b13da5c60018 |
C:\Users\Admin\AppData\Local\Temp\tmp2ksam8ct\webdriver-py-profilecopy\places.sqlite
| MD5 | 2eeb46e1c58ff1cce4ac2d4d725b2cc6 |
| SHA1 | 89aa36e77e51da31fbbfd682a2acc91f6016d275 |
| SHA256 | e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a |
| SHA512 | 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\top-1m.csv
| MD5 | e332a31381c6ca9db2b50f1ce430d38d |
| SHA1 | f89de1dc4757367477344ec569983fa8004de7fc |
| SHA256 | 499a94f6ff83bcd4389e3e590c146a19a51a10dd4c12f077e7510aa209a5bc0e |
| SHA512 | d7f14f04fc25fe85a3981eefca46a6bfeed806447a9c443347572b9a7dd5e8ab038c77e07f4413190b5e4ad0286d7d83860bc51ed516a29f962df80973005ca9 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\pyexpat.pyd
| MD5 | 2ae23047648257afa90d0ca96811979f |
| SHA1 | 0833cf7ccae477faa4656c74d593d0f59844cadd |
| SHA256 | 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95 |
| SHA512 | 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\nss3.dll
| MD5 | 71747091d34cc634b9ad3c360b45b0a9 |
| SHA1 | 111cf483836f6a392f64bc9398a327be1c43dfc8 |
| SHA256 | 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf |
| SHA512 | b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\mozglue.dll
| MD5 | 3e4d1ec1d2a6e85593459601b5a0a828 |
| SHA1 | 92ee422285282dcb170cbc7808299d14d8d27963 |
| SHA256 | eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5 |
| SHA512 | 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4 |
\Users\Admin\AppData\Local\Temp\_MEI23202\_bz2.pyd
| MD5 | a49c5f406456b79254eb65d015b81088 |
| SHA1 | cfc2a2a89c63df52947af3610e4d9b8999399c91 |
| SHA256 | ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced |
| SHA512 | bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae |
\Users\Admin\AppData\Local\Temp\_MEI23202\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
\Users\Admin\AppData\Local\Temp\_MEI23202\_ctypes.pyd
| MD5 | 291a0a9b63bae00a4222a6df71a22023 |
| SHA1 | 7a6a2aad634ec30e8edb2d2d8d0895c708d84551 |
| SHA256 | 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324 |
| SHA512 | d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09 |
C:\Users\Admin\AppData\Local\Temp\_MEI23202\base_library.zip
| MD5 | 09f7062e078379845347034c2a63943e |
| SHA1 | 9683dd8ef7d72101674850f3db0e05c14039d5fd |
| SHA256 | 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629 |
| SHA512 | a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp
| MD5 | 583bbac938048639702bcc90dceb8a07 |
| SHA1 | 31c535418288476ea97281f4dbda387c13330d8f |
| SHA256 | 58a85ff18fe4caa723af4e9c7db9db7c9a9406c2b3ec2d3199258ad3d64e28b3 |
| SHA512 | ba0bf1ee9b55e173e131e65317c12bb4663b48157ee5c8962916a5b00409a689e6e58518858c7f4f8b195af9d68eca339779ff901b28af674ebd4940ce82da29 |
memory/2832-688-0x0000000009690000-0x00000000096A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUqGw7V\extensions.json
| MD5 | 44cd7ddca6e5747a3639391dec0c59e8 |
| SHA1 | 20c0086bf2fd28e420e05740abfe89c8268ce1be |
| SHA256 | 0899dc35db91f9007d78fb995dcb1c23e53e61c1c36b93d2e09c477707524b89 |
| SHA512 | a841b3db702b0e91fc76726801915ead1a4b57f74ea931cc0104b3571e670aaec275065ad8f82571ef51be64ec4ac15aba56df5bc9619c85deee2b04be0c1c2c |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 15ec240a0bc77177400b6720c0a1e324 |
| SHA1 | 045fcce2a98e9f1f17da7d79f01a79cb6ba78520 |
| SHA256 | c505a40bfcdea956917b8f6e4c23e1d82ef17e328f0f19454dd3e58b8a74b218 |
| SHA512 | 4cc801bbe55c810c32230d5be7d8138a8034c28ab67fcf5b35f6a7e6fce4ded2cf5985b25cfa29f2b5a09b88268f524cf67cb51d27afd0a94cd88e08739ff7ba |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUqGw7V\prefs-1.js
| MD5 | 545d07043c5482fc74dda1cac44b9e36 |
| SHA1 | bfe0f786aba9b6e67eacac9f0b0633908b7d5abe |
| SHA256 | c7c4b90ef66439e65930d1db2f6847aaee7c229f8fd7b3555160ef8c0bfe44e6 |
| SHA512 | dde8319a9eb159e2ece57e7309e3c6e7cfb4e3e447d628679f959672da66410fc9aa972e26911ce68e24095a1e164efe9a2f114d4818cc4ee92bb7092e450e5e |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUqGw7V\prefs-1.js
| MD5 | 1e8d67f66a9ad7d62ea51b777492ab12 |
| SHA1 | 5cc1a8e24223ff172a21181a14bd9e3090da1e9e |
| SHA256 | 1b4850dd3d106e801f2bdc6a3f690a6d4e9f0ef3b7a6e5a82a28a4536f6e66d5 |
| SHA512 | 74fc39efa32a9dda7ef73e2ee999c009b6463908d323d467588f16f63f521316b3e0a4c5866d1205103da1664734e8f37f98ee13fd0fc2a11fceb0bf5cb60e3a |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\user.js
| MD5 | 736db8c9b955f72129a6644a9c797093 |
| SHA1 | 59f1c80c407e27ffe85407a82f7b7250c5ee3753 |
| SHA256 | 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f |
| SHA512 | 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
memory/3108-1330-0x00000000075A0000-0x00000000075B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\extension-preferences.json
| MD5 | b4298c9a240d6b7b63346daf94013802 |
| SHA1 | 9ce98168437854b51b198c16186c05129f0c273b |
| SHA256 | e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5 |
| SHA512 | 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\startupCache\webext.sc.lz4
| MD5 | 97f9b79d18713aaa1dbc3f1888f7bac9 |
| SHA1 | 658719bf33229fccc8effc78876b66a84b58c097 |
| SHA256 | e172f74f11ef747062e3c8fbd6f128e72172bdd553fa4079c9c9eb0840a44f3f |
| SHA512 | fca6e40457651af27e1ad4fbde9711a74922e788809036c11f7547a733314d5247293af312f840625815baf8120a48dd28424a380ee2d6d0011a09d27e9b1816 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\prefs-1.js
| MD5 | e83eb6fd0150357580f1647e5e798fc8 |
| SHA1 | 78e24d570e60cecad25a0f19d05c4343d00bb20b |
| SHA256 | 555e448eb2ddc66f6c4351d6ae0cb0e42fb200023ff9b1b734b5c8fe76e390cb |
| SHA512 | a910f07f031c836cb68c7236f0cbbe936cfc26b455987efd6b71b456ac9f16114a1a57505c6c8556ea125340dcf2c9d5819b1fdba01d7bff0007a3b83b8aac44 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\broadcast-listeners.json
| MD5 | 97c3738563a9448365a735f5f29ed3d5 |
| SHA1 | 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57 |
| SHA256 | 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24 |
| SHA512 | ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\prefs-1.js
| MD5 | 7089dd296804477fcc99a0b4a0fc12a7 |
| SHA1 | 8d71d50d23bb23b6e4d130cad0d14f9a8bf146ec |
| SHA256 | 5a24c7c1aa301164f62218cf6b92128a57ea0f50bbb29a022a7fd11ccd67564e |
| SHA512 | 54abd3022ed2dea0b40a2cf555ea1021b58aac9f16712510bfd5fe0cc202c49742489384645b2426b59fae1b433bda59d3d6a78c1938f2829d4b8c2417dafc39 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-09 00:47
Reported
2024-05-09 00:59
Platform
win10v2004-20240426-en
Max time kernel
293s
Max time network
316s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\medium.exe
"C:\Users\Admin\AppData\Local\Temp\medium.exe"
C:\Users\Admin\AppData\Local\Temp\medium.exe
"C:\Users\Admin\AppData\Local\Temp\medium.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe --port 63426 --websocket-port 63427
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.0.1022355978\1974691171" -parentBuildID 20240416150000 -prefsHandle 1648 -prefMapHandle 1640 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {e31ea64d-d4e6-485d-8e31-ba09b21dcd1e} 4208 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.1.176749556\796463055" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {d969a786-a51d-4d9d-9c7a-0b30a87b8b9f} 4208 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.2.896472392\1478810316" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3184 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {db62fad7-45bc-482c-9d28-a6c30770aa90} 4208 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.3.1850860694\1765701187" -childID 3 -isForBrowser -prefsHandle 3312 -prefMapHandle 3296 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {202fa04e-5cc1-4172-a986-81f969db97c6} 4208 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.4.1099717792\1401659809" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {b63127b3-b4cc-4d0d-87fe-ad905f29be11} 4208 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.5.661251937\475827569" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {f578b656-41fe-4093-b916-712353b4b004} 4208 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.6.705364615\11428022" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {cf345e4b-31c2-40d3-9621-6fb500fc8241} 4208 tab
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv zY5fA4N1SkGi7z5FPEeREQ.0.2
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.7.1066179093\1056109668" -childID 7 -isForBrowser -prefsHandle 4452 -prefMapHandle 3796 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {a205c7a9-33a9-4c36-a532-7afcee82f61b} 4208 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe --port 63426 --websocket-port 63427
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.0.1526853930\1637177862" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {ee546933-0f93-4d90-a617-313f39c2e473} 820 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.1.373457113\113231738" -childID 1 -isForBrowser -prefsHandle 2644 -prefMapHandle 2640 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {d95f76db-8fcc-4fd0-904a-2ea9ae229fc4} 820 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.2.1021787022\1941531287" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {fee7829f-996e-409b-971a-e82a8835811e} 820 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.3.1437879802\775342460" -childID 3 -isForBrowser -prefsHandle 3636 -prefMapHandle 3640 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {077eeff8-55aa-40d0-bc7c-9228043cb80a} 820 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.4.825663629\1650000408" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {04054238-69ae-4b7a-b896-43b3cb8599b6} 820 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.5.711322509\2024960459" -childID 5 -isForBrowser -prefsHandle 3940 -prefMapHandle 3944 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {64787666-4a6c-4c4e-85c9-5c054a6c5b98} 820 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.6.2045790508\1527551925" -childID 6 -isForBrowser -prefsHandle 4136 -prefMapHandle 4140 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {15acfe2a-ea48-4b48-88d5-8eb17ad7549a} 820 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.7.890614114\1671855028" -childID 7 -isForBrowser -prefsHandle 4380 -prefMapHandle 4588 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {a773b112-53f1-4ec7-930c-6f68d0116a1c} 820 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.8.1706413509\1471491928" -childID 8 -isForBrowser -prefsHandle 4872 -prefMapHandle 4868 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {f7f5f7c7-3d6e-4742-9949-f9220279af7c} 820 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe --port 63426 --websocket-port 63427
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.0.1500884867\695054457" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {afd044b8-0ab6-45e7-bbe3-daa249b37bda} 3016 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.1.1233193585\418031198" -childID 1 -isForBrowser -prefsHandle 2636 -prefMapHandle 2632 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {33920767-431f-41c4-ae23-25aaae68ab63} 3016 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.2.2062975279\488134226" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {2cf689d3-435b-496e-8203-b078506fc977} 3016 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.3.664787732\57800110" -childID 3 -isForBrowser -prefsHandle 3328 -prefMapHandle 3316 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {5e3e7bde-cb29-4f53-8276-22825e39d0db} 3016 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.4.1498208230\713168474" -childID 4 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {31921933-3224-4da9-94bc-2e04ed1e7257} 3016 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.5.371516086\1486043154" -childID 5 -isForBrowser -prefsHandle 4048 -prefMapHandle 4044 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {0795ccdb-2004-4ddc-b405-986696be88b5} 3016 tab
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.6.1973686452\697860662" -childID 6 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {06e26fd2-92af-4e4e-bef4-c257132abd81} 3016 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 206.217.136.47:443 | tcp | |
| US | 8.8.8.8:53 | 47.136.217.206.in-addr.arpa | udp |
| DE | 146.0.36.21:9003 | tcp | |
| US | 8.8.8.8:53 | 21.36.0.146.in-addr.arpa | udp |
| CA | 158.51.121.164:443 | tcp | |
| US | 207.244.78.230:443 | tcp | |
| US | 8.8.8.8:53 | 230.78.244.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.121.51.158.in-addr.arpa | udp |
| US | 20.72.205.209:443 | tcp | |
| N/A | 127.0.0.1:63529 | tcp | |
| N/A | 127.0.0.1:63531 | tcp | |
| N/A | 127.0.0.1:63426 | tcp | |
| N/A | 127.0.0.1:63426 | tcp | |
| N/A | 127.0.0.1:63631 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:63643 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.137.106.217:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 52.137.106.217:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 40.68.123.157:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.166.126.56:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 40.68.123.157:443 | tcp | |
| N/A | 40.68.123.157:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 2.18.121.24:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| N/A | 127.0.0.1:63426 | tcp | |
| N/A | 127.0.0.1:63426 | tcp | |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:63426 | tcp | |
| N/A | 127.0.0.1:64023 | tcp | |
| N/A | 127.0.0.1:64031 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:63426 | tcp | |
| N/A | 127.0.0.1:63426 | tcp | |
| N/A | 127.0.0.1:63426 | tcp | |
| N/A | 127.0.0.1:64392 | tcp | |
| N/A | 127.0.0.1:64400 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI16242\python38.dll
| MD5 | 305f8ecac261934543c5215f16e6afdd |
| SHA1 | 3920f757f7d3d2c2cd97ce5adcecbcf218873984 |
| SHA256 | 0b75e5e7d45c7d19d5a280e5c3cd296e2601cf378c37174df257e915d4ee244d |
| SHA512 | 9e64641cd7440ee3b3e07ac6aa536a22f9b0bc3684c26ce48462d1f180f0afa692a7f4608174199d91f9dd5665ef49ffafdd1d12d6605f4a896089262d31ef56 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\_ctypes.pyd
| MD5 | 291a0a9b63bae00a4222a6df71a22023 |
| SHA1 | 7a6a2aad634ec30e8edb2d2d8d0895c708d84551 |
| SHA256 | 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324 |
| SHA512 | d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\_bz2.pyd
| MD5 | a49c5f406456b79254eb65d015b81088 |
| SHA1 | cfc2a2a89c63df52947af3610e4d9b8999399c91 |
| SHA256 | ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced |
| SHA512 | bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\_ssl.pyd
| MD5 | d4dfd8c2894670e9f8d6302c09997300 |
| SHA1 | c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e |
| SHA256 | 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0 |
| SHA512 | 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\_socket.pyd
| MD5 | 4827652de133c83fa1cae839b361856c |
| SHA1 | 182f9a04bdc42766cfd5fb352f2cb22e5c26665e |
| SHA256 | 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba |
| SHA512 | 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\_queue.pyd
| MD5 | dd146e2fa08302496b15118bf47703cf |
| SHA1 | d06813e2fcb30cbb00bb3893f30c2661686cf4b7 |
| SHA256 | 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051 |
| SHA512 | 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\_hashlib.pyd
| MD5 | 5e5af52f42eaf007e3ac73fd2211f048 |
| SHA1 | 1a981e66ab5b03f4a74a6bac6227cd45df78010b |
| SHA256 | a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b |
| SHA512 | bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\unicodedata.pyd
| MD5 | 601aee84e12b87ca66826dfc7ca57231 |
| SHA1 | 3a7812433ca7d443d4494446a9ced24b6774ceca |
| SHA256 | d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762 |
| SHA512 | 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\top-1m.csv
| MD5 | 59ed227273283238e854ee930eb29494 |
| SHA1 | c479e03001104581cbf9f88298e16d4bedb9aec2 |
| SHA256 | 287f91ed048f10d66007d897938ec3a02c63f57ffc6ad87a92d9a33d36a9ac09 |
| SHA512 | 1fe011f6eef5fd139883cb15b3c1a1fcce2aa8721d1179e58de6a7bf99bd3019b76842c96f18ec6af6ca97d01877290a0312ebcbae10c299df897822c646816c |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\select.pyd
| MD5 | e21cff76db11c1066fd96af86332b640 |
| SHA1 | e78ef7075c479b1d218132d89bf4bec13d54c06a |
| SHA256 | fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28 |
| SHA512 | e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
| MD5 | 48fcad918c62db97e9af1dba1d131473 |
| SHA1 | d89381594d3241b0e645033f67572a5d8c166764 |
| SHA256 | dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c |
| SHA512 | 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | 47539d0337e97e22a728afc2638d461f |
| SHA1 | d97b37079543b33b9b605c787945f809aed66fd6 |
| SHA256 | 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5 |
| SHA512 | 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
| MD5 | 41c22c9f81a84b1b0e5ee7ec2ff7c545 |
| SHA1 | d12424cba9e4e9124bf3f15e556c562b95c9b6a3 |
| SHA256 | 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f |
| SHA512 | 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
| MD5 | 797325af481a14ae243f10d5f24b4a0d |
| SHA1 | 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1 |
| SHA256 | 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1 |
| SHA512 | ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
| MD5 | 7f2754df6a4a580b15910f449892766d |
| SHA1 | 9dcaad98563ed89781f53941cbc43db5454de7f5 |
| SHA256 | d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654 |
| SHA512 | 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ecb1dedf5ef99417494e424ca42eb67f |
| SHA1 | e2a293cbba50c6624e75cdaffe472967f3961023 |
| SHA256 | cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be |
| SHA512 | 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
| MD5 | 7abc816e004d9ed0f292770cfa8876cb |
| SHA1 | 4a1eeb702543f0819ef7c64b9f3bfd53be292106 |
| SHA256 | 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e |
| SHA512 | 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
| MD5 | d277f533f1d77e26d09bb66764bbeea6 |
| SHA1 | 082920ebe7dfb870cf94a99fc601fd5ae8b456ee |
| SHA256 | 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3 |
| SHA512 | 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
| MD5 | cbb1daad9fc48ab13e35fcd3621a5999 |
| SHA1 | 0eec8ece735465aea259f8223762f93fb13a97a0 |
| SHA256 | 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da |
| SHA512 | 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
| MD5 | 2c740091198dcf20b9c600791e2bcc3c |
| SHA1 | dd6f376ba9139ddec20ece64da0760054133db96 |
| SHA256 | e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59 |
| SHA512 | a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe
| MD5 | 0c5db0eb17c8d3d150f83fe1f6f1cdac |
| SHA1 | c4ec34bd1ddfa10b7f9573bd8b78e2156df072a9 |
| SHA256 | 12fc60109b5babb7220ae9b1ba044c03362c14571ddbc0cdbf862b9cf099b716 |
| SHA512 | 5a7312adc507ac1c59ae543d06a943f01214b7e417e9f992beea3a3b782480c8806e42afa96e8eb66ce394a2b6b47052260ed0b509d08e7db0a64f493e85aee7 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
| MD5 | b6d7fc9b6ebc5f46500acc52bf6c9808 |
| SHA1 | 4fd8111c436d89b83890e98b4cb7d0343e568340 |
| SHA256 | 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974 |
| SHA512 | 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 8565a303ddc83b03f8662b034597de18 |
| SHA1 | ce6453779eb52055599ddba097a95ab82512ae5b |
| SHA256 | b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd |
| SHA512 | 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
| MD5 | 2eeb46e1c58ff1cce4ac2d4d725b2cc6 |
| SHA1 | 89aa36e77e51da31fbbfd682a2acc91f6016d275 |
| SHA256 | e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a |
| SHA512 | 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
| MD5 | e7a65c5ead519a7b802f991353c26d3d |
| SHA1 | 34cc3c1cf9bd4912dba5fa422010934e46419fa3 |
| SHA256 | 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2 |
| SHA512 | 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
| MD5 | 0351b833a5c095852e821535974441c8 |
| SHA1 | bcbf5c294852c2d80af7862d19791b994aea7706 |
| SHA256 | dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef |
| SHA512 | 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | e2e8f9cf938f81b1185086b12c5c9d90 |
| SHA1 | b67c857a7002b3262f09ffc9fa8524c58a01e5b9 |
| SHA256 | a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2 |
| SHA512 | 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f |
C:\Users\Admin\AppData\Local\Temp\tmph718wugy\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
| MD5 | d2e8aceaa00ad916618bea2eee81aedf |
| SHA1 | 28b26f0db0b4b2504a418983089795761c56e4a1 |
| SHA256 | fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622 |
| SHA512 | b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
| MD5 | 2ec530a71bdac21f299f9ddb823be222 |
| SHA1 | 5425aaf19c0832cda06be506e88f2435f432d287 |
| SHA256 | ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3 |
| SHA512 | 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
| MD5 | 26dd091069531a62061de8ca1c56d46b |
| SHA1 | 6c9daa73f096174f28f86c9bb245cb8a540f5c2d |
| SHA256 | 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a |
| SHA512 | 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
| MD5 | e50a617598b0f635e6f9ae4a9d445b78 |
| SHA1 | a372ec393dd6271bd00cf02f894152887765da8b |
| SHA256 | c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5 |
| SHA512 | e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
| MD5 | 85de06e3d4c6f39404776f3c7162c59b |
| SHA1 | 3e4b8ecebaa9c903d220ee23d367be8e8ba27619 |
| SHA256 | 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a |
| SHA512 | 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\libcrypto-1_1.dll
| MD5 | 78f7f01391d3b2e4449b299512a2506d |
| SHA1 | a282b3b8b05d886a3a936550c4ef81c519f875ba |
| SHA256 | 657dcbfe240b176f6306055c4631ed9c1567b08fdbef44bf739ac2d3a3afa392 |
| SHA512 | 12ed0f3a92248fa3621eaa7d9c103c11fe1efb13465a6fbb5579e6774ecdd8dff9852e16c5463fb7e5d2d439307291481620a104e772738e23a44281b49e1ddb |
C:\Users\Admin\AppData\Local\Temp\tmph718wugy\webdriver-py-profilecopy\favicons.sqlite
| MD5 | 5e9c3d3afb472da8bed188ee743229c2 |
| SHA1 | 68fc3bfdd38f953dedda2a4b526bac2d4cdf0484 |
| SHA256 | f115429bb943c3a6022ae1430437355f20bb4cd87611d2fe5c084e361e35d007 |
| SHA512 | f1f6821835ef5d3fb2562e3c2bb91225a7672626de5b4007e1b3483f5e2aaf76bd966b4cf1dfe9e022630026d1194afb4bc8947dbbe14d01a07f5b3e3c97dd61 |
C:\Users\Admin\AppData\Local\Temp\tmph718wugy\webdriver-py-profilecopy\places.sqlite
| MD5 | b5c12d055da1a860c64e12fa500bf3df |
| SHA1 | a609d35d60c8fb3b95e1c6d8d632ab4abcb56577 |
| SHA256 | 0d2bcf89b48e95fe3b4a9b58e6cd24c1731559bd15f43cb3adb7421f67f00ee6 |
| SHA512 | 0c0c75e4048c51af99ca26f7eae072ca4d432b09802cab168c467ce1801603594046e1a873502546d76e7b573a182b47a145ef885a3b12c86cebce751a84a303 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\pyexpat.pyd
| MD5 | 2ae23047648257afa90d0ca96811979f |
| SHA1 | 0833cf7ccae477faa4656c74d593d0f59844cadd |
| SHA256 | 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95 |
| SHA512 | 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\nss3.dll
| MD5 | aaaa596833fa9b0658528255a7d456b0 |
| SHA1 | 083738ca5b627fbc777c8015b4b5c5b297139926 |
| SHA256 | db0c12517358daeaf02663ec235b02e265736f4f1c875469e065d869c05bebfc |
| SHA512 | e1b9fbfc9d9a3bebac38777dd29c28d3725ae918bff02ca44d62c8a190fc235c59e66115bf6fc41ce888cf4145e0445c398b0fc159bdd2b78484357ca8cfa2ed |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\mozglue.dll
| MD5 | 3e4d1ec1d2a6e85593459601b5a0a828 |
| SHA1 | 92ee422285282dcb170cbc7808299d14d8d27963 |
| SHA256 | eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5 |
| SHA512 | 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\mozavutil.dll
| MD5 | 4ecbb73d44518fc2b601a1ac9a38dcad |
| SHA1 | f7c96e85d5b32af8efb784e75164ec4f0c6f4f10 |
| SHA256 | 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52 |
| SHA512 | 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\libcrypto-1_1.dll
| MD5 | 22f805d81bb63c361749aa058a2c2f3c |
| SHA1 | 721c3f519b4c8235d13805cf78433955b5762a94 |
| SHA256 | 43740842e5fb5053106300fd1abc1eec7f8dc967331169ca7f866ebfda0f7cb3 |
| SHA512 | 731727624516f2cd9d61ed7df0af1cd99b93a5047ad83e39a8aee7e9804f88482f1d486d0adb5b75c2cf05612dd566ddb7b8a4a4b49bd395cb298c7ed17de61e |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe
| MD5 | ecd8efd4cab1e6f7d84483c09c9ce6b7 |
| SHA1 | aafe438def0edbe9176f462d1e4e8c4a1883540c |
| SHA256 | 5032f5bb47f24f8e677397e347fdb4a501b0eda42f5d5aa2f5186edadf9838ec |
| SHA512 | eb40225be2070f88465d35b56d5fd2f94ef4a9ead2306ce5c81bb2fa31b1c252e7b8f57befad32130023c5893fd1cb499c387daeb9b760ce2d008691c5359ea9 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\_lzma.pyd
| MD5 | cf9fd17b1706f3044a8f74f6d398d5f1 |
| SHA1 | c5cd0debbde042445b9722a676ff36a0ac3959ad |
| SHA256 | 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4 |
| SHA512 | 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\base_library.zip
| MD5 | 09f7062e078379845347034c2a63943e |
| SHA1 | 9683dd8ef7d72101674850f3db0e05c14039d5fd |
| SHA256 | 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629 |
| SHA512 | a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\python38.dll
| MD5 | a2d1ef944a3b2ece9251bdd4528d71be |
| SHA1 | 5d422a39b769cddf186e36eba348a5382bb81ab2 |
| SHA256 | 59e24582777846f7b5eb952b08a2346801ae20674f0d18a65c0d415095b8e543 |
| SHA512 | abcfad3bb39d143bd56d350d83a4c9ded669504ab89e5d860862e04801e419cc96d8169d1df320a69a97f13ea6f919a34c68098c3d563cb9eccc6f7c9a978828 |
C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
| MD5 | 65aa9b0f57d72e4d70e9226322221adc |
| SHA1 | 85fec174d0977afd8c0100c9d9b53c958e1949bf |
| SHA256 | 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410 |
| SHA512 | f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp
| MD5 | 583bbac938048639702bcc90dceb8a07 |
| SHA1 | 31c535418288476ea97281f4dbda387c13330d8f |
| SHA256 | 58a85ff18fe4caa723af4e9c7db9db7c9a9406c2b3ec2d3199258ad3d64e28b3 |
| SHA512 | ba0bf1ee9b55e173e131e65317c12bb4663b48157ee5c8962916a5b00409a689e6e58518858c7f4f8b195af9d68eca339779ff901b28af674ebd4940ce82da29 |
memory/4476-491-0x00007FFBE0520000-0x00007FFBE0521000-memory.dmp
memory/4476-490-0x00007FFBDFA00000-0x00007FFBDFA01000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S\extensions.json
| MD5 | 7e675ad44f754084251f411fa0cdb416 |
| SHA1 | 1a4b30ad14cebbc6027c0cd94d22ef080460b853 |
| SHA256 | e142c6b4984abdd2f45471389c33d4c9bd3e55a7ccc23be4a22a6e20a0e71687 |
| SHA512 | c463e8fc9a185b8a7ba554a4a9850eb88016ead5b0caeb7b0165f935f72a1248f4e69a508530875d16e5635cc50b155a761cc0510cf7f968144c27e891efd621 |
memory/4208-550-0x000001512C4D0000-0x000001512C4E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S\prefs-1.js
| MD5 | 642afd46ab8fb450f3cf91b20bbc5f25 |
| SHA1 | 1764b83678e17e750736a7aa9fef65c7264e0b01 |
| SHA256 | dd3df24bcdcee84a23047bd12c02542d4eac5f5c24194b1a24446c14a62141f9 |
| SHA512 | d4eb024f075840e7dde7444c3989f551fbc4c10e70c0804c6ca580b5bf1a5eff8d220bfff2072338798e90bb8dc78bd14ee0c7c00e4a42e7c5b64add163d3193 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 7bc71e3370a9d783c78b89d1213c301d |
| SHA1 | 1563fd187c47e6e8c31763c3717a7bd06fb06f15 |
| SHA256 | 5f06942b44d8f39f159fb3d246382c21355caed0068164161071326b3d96fbc9 |
| SHA512 | 7ad96297f0df9e981e0ee64b0b89f47fd8e552f7c359e0a25c6632c7ec1fa07b92ac376dbacc0e088e0b56b8d6f3b63d32eaed5559afc75d3534d2c42dded393 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S\prefs-1.js
| MD5 | c5a6c3bafc770b08f8ef6cf141a89715 |
| SHA1 | 91fcd16c7e85895e49299cd556aa3b9087bd6180 |
| SHA256 | e0fe897ea7723e767e5414f91013b6da1aabb4077c9d3ab907341c07e4551146 |
| SHA512 | d2a0c640176e9b960145e2a313f2e50eceeb2abf02df2b98008833eb8a2fed111c31317903c0da7f800bb886a4db50798c88f49c50574e67a20f71f1294a3f35 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S\prefs.js
| MD5 | 53b1f88fb5e967515e0581f1249c2865 |
| SHA1 | 5442baf5698442a89d073b280616fc6bfe7491a3 |
| SHA256 | 30a3edf0931791c0ecebecb0effd59e526a5c07edfd75b1a0532b4b70301cf11 |
| SHA512 | b471989fa75728e332f8f3e4ba468250402cfa58ea021b0491b6b368cc760a5e724b1e479c899fc1713891631b9401d1d60b5dfdaa3182a3587a36f6fe5309e9 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\prefs-1.js
| MD5 | da6817480347bdc64a8817e62bc85410 |
| SHA1 | 29269ffedf55594c66d374774caea884dbf15e7f |
| SHA256 | 86451ad784be8cc90782110e278d45c257608fce8883aceedbab291fb29bf887 |
| SHA512 | 19b022b0648dbeb9e1df80fa3b2a4cfb82c301a8874734a144d1ae42f28f35bbef78156324c6f3d7f70574f8eb35be021eea9d54ee91ab1785040210a62e2dbf |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
memory/820-888-0x0000015767DA0000-0x0000015767DB0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\extension-preferences.json
| MD5 | b4298c9a240d6b7b63346daf94013802 |
| SHA1 | 9ce98168437854b51b198c16186c05129f0c273b |
| SHA256 | e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5 |
| SHA512 | 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\startupCache\webext.sc.lz4
| MD5 | f4def8c4ddbf4cdb2e1a359781b6bd34 |
| SHA1 | f61a351e49a9ea5bf09670d50aa8d9a9994bb4c1 |
| SHA256 | ebd8c3d21aa3a994ba4d049bfb99f1ec85ec29f070c3ac4bb02308ea218918fb |
| SHA512 | 4434af842f1e568c2231b8597bfd26d0e3d8812353fa0f50923f2bd7c1950679b7f06e56e6f0a4d00bc2f250614646b8065801ac33ac5e640fd8454ce2fc576f |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\prefs.js
| MD5 | b31da544842f4e8927872102f42fad10 |
| SHA1 | 49e170a70d10f4588788d815eda99cd93baad67d |
| SHA256 | 480186e45c25181398e81aee37cc88a5052d932d486c8286bdcf8a9e61533862 |
| SHA512 | 4be15f00bcbc51dec232353c83f0260b3776b8c4912591fc0c12e47bdaa9a6c2a463764842d97ac62786c1d00cac238ea93c5f2485cee84498805c979ad55c3d |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\broadcast-listeners.json
| MD5 | 97c3738563a9448365a735f5f29ed3d5 |
| SHA1 | 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57 |
| SHA256 | 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24 |
| SHA512 | ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\prefs-1.js
| MD5 | 740f29a47ca93f12b69534fc82f6d919 |
| SHA1 | a21a66122e3b0851b5b26f862c2512b8c7f07505 |
| SHA256 | bc109bf8986392da8f78ef3bb5a37b7d68f6b31870e156e65c9534367af66464 |
| SHA512 | 86b90987d6bdf6826b624fb825c8c2dd45fc9dd33f38e930d9fd30deb5bca49d7169891f9873e760a7681406abeb1f982f7ebca560e1d99c5799d35aad4b7f4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json
| MD5 | 2d87ba02e79c11351c1d478b06ca9b29 |
| SHA1 | 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1 |
| SHA256 | 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524 |
| SHA512 | be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json
| MD5 | 29ce37dc02c78bbe2e5284d350fae004 |
| SHA1 | bab97d5908ea6592aef6b46cee1ded6f34693fa2 |
| SHA256 | 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693 |
| SHA512 | 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\xulstore.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\datareporting\glean\db\data.safe.tmp
| MD5 | c58234a092f9d899f0a623e28a4ab9db |
| SHA1 | 7398261b70453661c8b84df12e2bde7cbc07474b |
| SHA256 | eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c |
| SHA512 | ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7\user.js
| MD5 | b11e999fe94ad0b61093c69a3ffc90bf |
| SHA1 | 00f5229d010751b1984ceb281ecc293a88668529 |
| SHA256 | 32447a4751274c1e104bda4635518653e324996e829056897da775d6d4ed1a66 |
| SHA512 | e1161a561313b53487fdbd974e9c5769ea29684814a065476c19725b1e33a5057173d328a32449f83f73e1c5e93bf8963ffb790778e64cbef4dfd95a373a62f3 |
memory/3016-1202-0x0000018686BE0000-0x0000018686BF0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7\startupCache\scriptCache-child-new.bin
| MD5 | 2724d7dd31542eea53805994d9290cd8 |
| SHA1 | 7b5d8536b060269d79848eaa6e2362333bc0f8ec |
| SHA256 | 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1 |
| SHA512 | 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7\prefs-1.js
| MD5 | 1c9998a1b81ace226f7b8157d54a219b |
| SHA1 | 998bae034773aa746825c2de3b68a9af939a8d77 |
| SHA256 | d45fe3cbe5b41248d5369884c087cd2bb038212024070e174b9205bfdd3c7269 |
| SHA512 | 9f622ad4f4a80f6f8c58acb0aad03b6a330c421aa3177ef3fb5b90217341018ced96a1cf3680bcf30714e4fee6f5276fc6f71afee45f12baf61d773449a65d81 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7\prefs-1.js
| MD5 | 2d48159cd2299d7bb6e229907f8d681e |
| SHA1 | e2128e49b2f51033a6dbe9c3d64658a6e583620c |
| SHA256 | 0182da27b1582a3aabc4989e2f0dc51973d0b04d3ca6a8cf782930bdb536a97f |
| SHA512 | 47efbb465ded5ede33c9f144d20fd7a39f772e0d6a740623027bc942710f13966700b24ce997abb0fc30fab92156d4ac78daa2eb7895a6eac83cdcd9c34f58e4 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-09 00:47
Reported
2024-05-09 00:59
Platform
win11-20240419-en
Max time kernel
295s
Max time network
313s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\medium.exe
"C:\Users\Admin\AppData\Local\Temp\medium.exe"
C:\Users\Admin\AppData\Local\Temp\medium.exe
"C:\Users\Admin\AppData\Local\Temp\medium.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe --port 50015 --websocket-port 50016
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.0.1479794355\1161629903" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {2bf6c929-fa35-4f38-b995-749878d79c5e} 1912 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.1.1810714960\2088133485" -childID 1 -isForBrowser -prefsHandle 2380 -prefMapHandle 2988 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {d49d2ad7-0444-4dba-a9a3-141869dd8a16} 1912 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.2.1268367581\831781816" -childID 2 -isForBrowser -prefsHandle 3008 -prefMapHandle 2420 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {a46240d7-d26d-49a8-8685-82af021e8d39} 1912 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.3.602137427\1697280765" -childID 3 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {101cea28-bb4a-4409-b1d5-cf2d6371b076} 1912 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.4.1912710321\1046151127" -childID 4 -isForBrowser -prefsHandle 3504 -prefMapHandle 3352 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {6ff1a2cb-f71b-4092-83b0-870a9512f54a} 1912 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.5.1247494910\1562326494" -childID 5 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {464ca9a3-35c5-44a9-a686-0274893ec745} 1912 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.6.1516311579\1909979326" -childID 6 -isForBrowser -prefsHandle 4184 -prefMapHandle 4188 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {b21bc33d-6ecc-4f48-9c9d-d469de21fd0d} 1912 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe --port 50015 --websocket-port 50016
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.0.1605248451\833540672" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {defe0d61-c118-4fb8-ab77-5c8437c666d4} 3944 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.1.1106854186\1051685819" -childID 1 -isForBrowser -prefsHandle 2508 -prefMapHandle 2552 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {a9df11d4-ab3f-4410-b9e4-c22de95a5e24} 3944 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.2.2707645\503005679" -childID 2 -isForBrowser -prefsHandle 2896 -prefMapHandle 3044 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {d7491e21-6a27-43c3-bd50-33c14ba9926e} 3944 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.3.944977645\500301160" -childID 3 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {9d798052-6b74-4d86-b818-71a79c10e65a} 3944 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.4.779821379\1218212383" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {6a0fab2d-a71d-42bc-ba02-17eca46dc7bb} 3944 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.5.1597656861\1167866570" -childID 5 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {58ddd2ea-e16c-49bc-b286-a0f315511c55} 3944 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.6.1456021148\2084999519" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4136 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {30a007d1-fca4-448e-98a6-cbd53a0f457a} 3944 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe --port 50015 --websocket-port 50016
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.0.1014592056\520605564" -parentBuildID 20240416150000 -prefsHandle 1732 -prefMapHandle 1712 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {1931e800-bc75-4762-876a-47cc8ce3fdd1} 4060 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.1.246583825\1627495608" -childID 1 -isForBrowser -prefsHandle 2572 -prefMapHandle 2800 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {0d81722f-6de0-4c53-b4dc-cb234f131563} 4060 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.2.963227825\1896079192" -childID 2 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {968fe2fd-568a-4f2f-ad71-ea78b5065168} 4060 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.3.1772535896\1847586063" -childID 3 -isForBrowser -prefsHandle 3956 -prefMapHandle 3060 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {a6db9610-9d09-4915-bf5a-c54f85999cbe} 4060 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.4.1396374835\1718476948" -childID 4 -isForBrowser -prefsHandle 3920 -prefMapHandle 3472 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {5cf22d1d-0a79-41d9-9cea-cf0e82b60a2e} 4060 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.5.1374357045\918607277" -childID 5 -isForBrowser -prefsHandle 3684 -prefMapHandle 4092 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {009c4096-4390-4427-8c12-fa081de6a3ad} 4060 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.6.411496574\470905382" -childID 6 -isForBrowser -prefsHandle 3032 -prefMapHandle 3324 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {eb6b989b-3359-4661-8f07-97a62ded2168} 4060 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.7.272591352\1509587012" -childID 7 -isForBrowser -prefsHandle 4564 -prefMapHandle 4568 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {8eae27ff-ada9-4bca-b338-fc43c4057d06} 4060 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe --port 50015 --websocket-port 50016
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLrB5C6
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLrB5C6
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.0.1716798140\135836494" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {8a57eabb-5616-484e-8943-05d8d5a43485} 1656 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.1.1778743375\1619580004" -childID 1 -isForBrowser -prefsHandle 2632 -prefMapHandle 2628 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {7a6476bd-3649-4825-b104-8a6592fa4f13} 1656 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.2.822891906\1937955103" -childID 2 -isForBrowser -prefsHandle 3084 -prefMapHandle 3064 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {dda0ae1c-adb6-4bdb-bf91-d8d9e1b84515} 1656 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.3.1577026438\1512757095" -childID 3 -isForBrowser -prefsHandle 3576 -prefMapHandle 3608 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {ead7c8fe-317a-41f2-8109-b7ade502ea60} 1656 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.4.1770614208\2019965300" -childID 4 -isForBrowser -prefsHandle 3160 -prefMapHandle 3172 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {85dbd75f-2b06-4a9a-a302-a5e737b61567} 1656 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.5.952811348\2019069072" -childID 5 -isForBrowser -prefsHandle 3912 -prefMapHandle 3916 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {ba318f19-8255-46ad-9dc9-eb5ea5b18871} 1656 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.6.2031792019\970156751" -childID 6 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {28c04b20-b6d7-472c-b322-71c1528978c2} 1656 tab
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.7.1683907700\1309828088" -childID 7 -isForBrowser -prefsHandle 4344 -prefMapHandle 3912 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {be25b3b3-f650-4aa7-af6f-70af25d98b14} 1656 tab
Network
| Country | Destination | Domain | Proto |
| US | 75.75.102.102:9001 | tcp | |
| US | 8.8.8.8:53 | 102.102.75.75.in-addr.arpa | udp |
| N/A | 127.0.0.1:50118 | tcp | |
| N/A | 127.0.0.1:50120 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| NL | 45.134.225.36:11444 | tcp | |
| DE | 179.61.251.32:9001 | tcp | |
| DE | 46.4.103.29:9001 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| US | 8.8.8.8:53 | 29.103.4.46.in-addr.arpa | udp |
| N/A | 127.0.0.1:50224 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50232 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| N/A | 127.0.0.1:50576 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50584 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| N/A | 127.0.0.1:50925 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50933 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| N/A | 127.0.0.1:50015 | tcp | |
| N/A | 127.0.0.1:51264 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:51272 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI14162\python38.dll
| MD5 | 26ba25d468a778d37f1a24f4514d9814 |
| SHA1 | b64fe169690557656ede3ae50d3c5a197fea6013 |
| SHA256 | 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128 |
| SHA512 | 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\base_library.zip
| MD5 | 09f7062e078379845347034c2a63943e |
| SHA1 | 9683dd8ef7d72101674850f3db0e05c14039d5fd |
| SHA256 | 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629 |
| SHA512 | a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\_ctypes.pyd
| MD5 | 291a0a9b63bae00a4222a6df71a22023 |
| SHA1 | 7a6a2aad634ec30e8edb2d2d8d0895c708d84551 |
| SHA256 | 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324 |
| SHA512 | d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\_bz2.pyd
| MD5 | a49c5f406456b79254eb65d015b81088 |
| SHA1 | cfc2a2a89c63df52947af3610e4d9b8999399c91 |
| SHA256 | ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced |
| SHA512 | bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\_lzma.pyd
| MD5 | cf9fd17b1706f3044a8f74f6d398d5f1 |
| SHA1 | c5cd0debbde042445b9722a676ff36a0ac3959ad |
| SHA256 | 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4 |
| SHA512 | 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\mozglue.dll
| MD5 | 3e4d1ec1d2a6e85593459601b5a0a828 |
| SHA1 | 92ee422285282dcb170cbc7808299d14d8d27963 |
| SHA256 | eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5 |
| SHA512 | 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\_socket.pyd
| MD5 | 4827652de133c83fa1cae839b361856c |
| SHA1 | 182f9a04bdc42766cfd5fb352f2cb22e5c26665e |
| SHA256 | 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba |
| SHA512 | 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\libcrypto-1_1.dll
| MD5 | 89511df61678befa2f62f5025c8c8448 |
| SHA1 | df3961f833b4964f70fcf1c002d9fd7309f53ef8 |
| SHA256 | 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf |
| SHA512 | 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\select.pyd
| MD5 | e21cff76db11c1066fd96af86332b640 |
| SHA1 | e78ef7075c479b1d218132d89bf4bec13d54c06a |
| SHA256 | fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28 |
| SHA512 | e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\_ssl.pyd
| MD5 | d4dfd8c2894670e9f8d6302c09997300 |
| SHA1 | c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e |
| SHA256 | 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0 |
| SHA512 | 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\_queue.pyd
| MD5 | dd146e2fa08302496b15118bf47703cf |
| SHA1 | d06813e2fcb30cbb00bb3893f30c2661686cf4b7 |
| SHA256 | 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051 |
| SHA512 | 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\_hashlib.pyd
| MD5 | 5e5af52f42eaf007e3ac73fd2211f048 |
| SHA1 | 1a981e66ab5b03f4a74a6bac6227cd45df78010b |
| SHA256 | a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b |
| SHA512 | bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\unicodedata.pyd
| MD5 | 601aee84e12b87ca66826dfc7ca57231 |
| SHA1 | 3a7812433ca7d443d4494446a9ced24b6774ceca |
| SHA256 | d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762 |
| SHA512 | 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\top-1m.csv
| MD5 | ba0857be5e9736dde1f5cc44edd5d21b |
| SHA1 | b130759907909cc97bfe0d9a1fd65b8942c931aa |
| SHA256 | 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca |
| SHA512 | 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\pyexpat.pyd
| MD5 | 2ae23047648257afa90d0ca96811979f |
| SHA1 | 0833cf7ccae477faa4656c74d593d0f59844cadd |
| SHA256 | 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95 |
| SHA512 | 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\nss3.dll
| MD5 | 71747091d34cc634b9ad3c360b45b0a9 |
| SHA1 | 111cf483836f6a392f64bc9398a327be1c43dfc8 |
| SHA256 | 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf |
| SHA512 | b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\mozavutil.dll
| MD5 | 4ecbb73d44518fc2b601a1ac9a38dcad |
| SHA1 | f7c96e85d5b32af8efb784e75164ec4f0c6f4f10 |
| SHA256 | 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52 |
| SHA512 | 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe
| MD5 | f60c542253cbe94f762e15c7b064b55d |
| SHA1 | 7a32f034217266db6d799893edc976e891a82944 |
| SHA256 | 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa |
| SHA512 | 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
| MD5 | 2ec530a71bdac21f299f9ddb823be222 |
| SHA1 | 5425aaf19c0832cda06be506e88f2435f432d287 |
| SHA256 | ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3 |
| SHA512 | 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
| MD5 | cbb1daad9fc48ab13e35fcd3621a5999 |
| SHA1 | 0eec8ece735465aea259f8223762f93fb13a97a0 |
| SHA256 | 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da |
| SHA512 | 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | 47539d0337e97e22a728afc2638d461f |
| SHA1 | d97b37079543b33b9b605c787945f809aed66fd6 |
| SHA256 | 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5 |
| SHA512 | 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
| MD5 | 41c22c9f81a84b1b0e5ee7ec2ff7c545 |
| SHA1 | d12424cba9e4e9124bf3f15e556c562b95c9b6a3 |
| SHA256 | 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f |
| SHA512 | 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
| MD5 | 797325af481a14ae243f10d5f24b4a0d |
| SHA1 | 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1 |
| SHA256 | 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1 |
| SHA512 | ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
| MD5 | 7f2754df6a4a580b15910f449892766d |
| SHA1 | 9dcaad98563ed89781f53941cbc43db5454de7f5 |
| SHA256 | d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654 |
| SHA512 | 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ecb1dedf5ef99417494e424ca42eb67f |
| SHA1 | e2a293cbba50c6624e75cdaffe472967f3961023 |
| SHA256 | cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be |
| SHA512 | 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
| MD5 | 7abc816e004d9ed0f292770cfa8876cb |
| SHA1 | 4a1eeb702543f0819ef7c64b9f3bfd53be292106 |
| SHA256 | 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e |
| SHA512 | 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
| MD5 | d277f533f1d77e26d09bb66764bbeea6 |
| SHA1 | 082920ebe7dfb870cf94a99fc601fd5ae8b456ee |
| SHA256 | 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3 |
| SHA512 | 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
| MD5 | 2c740091198dcf20b9c600791e2bcc3c |
| SHA1 | dd6f376ba9139ddec20ece64da0760054133db96 |
| SHA256 | e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59 |
| SHA512 | a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
| MD5 | 48fcad918c62db97e9af1dba1d131473 |
| SHA1 | d89381594d3241b0e645033f67572a5d8c166764 |
| SHA256 | dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c |
| SHA512 | 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
| MD5 | b6d7fc9b6ebc5f46500acc52bf6c9808 |
| SHA1 | 4fd8111c436d89b83890e98b4cb7d0343e568340 |
| SHA256 | 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974 |
| SHA512 | 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 8565a303ddc83b03f8662b034597de18 |
| SHA1 | ce6453779eb52055599ddba097a95ab82512ae5b |
| SHA256 | b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd |
| SHA512 | 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
| MD5 | e7a65c5ead519a7b802f991353c26d3d |
| SHA1 | 34cc3c1cf9bd4912dba5fa422010934e46419fa3 |
| SHA256 | 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2 |
| SHA512 | 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
| MD5 | 0351b833a5c095852e821535974441c8 |
| SHA1 | bcbf5c294852c2d80af7862d19791b994aea7706 |
| SHA256 | dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef |
| SHA512 | 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | e2e8f9cf938f81b1185086b12c5c9d90 |
| SHA1 | b67c857a7002b3262f09ffc9fa8524c58a01e5b9 |
| SHA256 | a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2 |
| SHA512 | 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f |
C:\Users\Admin\AppData\Local\Temp\tmphbk9_84n\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
| MD5 | d2e8aceaa00ad916618bea2eee81aedf |
| SHA1 | 28b26f0db0b4b2504a418983089795761c56e4a1 |
| SHA256 | fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622 |
| SHA512 | b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
| MD5 | 26dd091069531a62061de8ca1c56d46b |
| SHA1 | 6c9daa73f096174f28f86c9bb245cb8a540f5c2d |
| SHA256 | 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a |
| SHA512 | 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
| MD5 | e50a617598b0f635e6f9ae4a9d445b78 |
| SHA1 | a372ec393dd6271bd00cf02f894152887765da8b |
| SHA256 | c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5 |
| SHA512 | e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
| MD5 | 85de06e3d4c6f39404776f3c7162c59b |
| SHA1 | 3e4b8ecebaa9c903d220ee23d367be8e8ba27619 |
| SHA256 | 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a |
| SHA512 | 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963 |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
| MD5 | 2eeb46e1c58ff1cce4ac2d4d725b2cc6 |
| SHA1 | 89aa36e77e51da31fbbfd682a2acc91f6016d275 |
| SHA256 | e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a |
| SHA512 | 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e |
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus
| MD5 | 27e6a6bf35274abcb3fb8d176a62556b |
| SHA1 | 4ab82b827564e287d35ac972c743766761f852bf |
| SHA256 | 16f1ea05e8f14641d6351a92fa6a2196ae26edc5d04b392c12831ffdbaf7712b |
| SHA512 | e360a35ecb702d2a09d1dfddca043a8cfd133caa4816ec96e22a4fc1c8af2c1ceb516abf85b743d787b0c25c8241eb308f8ed1767d88b8ba9faad660e045941c |
C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
| MD5 | 65aa9b0f57d72e4d70e9226322221adc |
| SHA1 | 85fec174d0977afd8c0100c9d9b53c958e1949bf |
| SHA256 | 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410 |
| SHA512 | f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85 |
memory/1936-494-0x00007FF8500B0000-0x00007FF8500B1000-memory.dmp
memory/1936-493-0x00007FF8507B0000-0x00007FF8507B1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m\prefs.js
| MD5 | dfad056ba3a14f876a6d6892083c226a |
| SHA1 | a07f65334ac26ceea1664881670472a403bf715e |
| SHA256 | dabc95fe1054f574e455ab132f17a5a97ff40b3e65f450ae48e14ddb672bb3a3 |
| SHA512 | e833b285341a20dd6b4742bc1aaa7ef8303aa6646770aa611dfe83db208c6e0e29bfed9fba346feae0a2fd557f0fd25fcdaa1687f35f1544a1f7b5ccb96faae2 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m\extensions.json
| MD5 | 0dddac66deb4492a6c1719a1b92e960b |
| SHA1 | a9214a9965455a39dc997f73b6effe4b2474c820 |
| SHA256 | 797d2975e6eac1aa788d7d5ab8878cecaa42d7c110604546650b76e09fe3ad20 |
| SHA512 | 7c09c90e052abd13f41a350f490d46e29e7cd498f718647e615d9835d1dcda2fd826e695128c2791fe5499d3c00facd0a386ad83b399676f388d1bf1e54a3083 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | f8a032dbb6b62961ca3a7c8330a72d7e |
| SHA1 | 4a1a06fc901846163de6eef4396fe1e1599bb886 |
| SHA256 | 9ff5da3ff3ca8ea7b776fd719f5f43b95c5ac3e347291f404e02ddbb2f77bcc9 |
| SHA512 | 8e69d61ec42d07e684efa2c0539a60e6affe97e79b67d3273bc8b2c5b49095aa00c124f4a1dd99bce3d01cc3d82dba6fbd5e2122ba5061f831488399031b6cd6 |
memory/1912-573-0x000001FB629F0000-0x000001FB62A00000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m\prefs-1.js
| MD5 | 966e6d3091001e9dd4802e3c6180e675 |
| SHA1 | f75e8e7cd56060c30cddf932f7d90cb7764d5cf8 |
| SHA256 | d01f493e1250442a19f69368b453205d2b1ebb297fb6b47321e4afc4d0a41ef5 |
| SHA512 | 300bd9a771a37ffa1364ee1765e26b733e7c38fda88c1d660cb12f65896c4a3f8f0d60e2763ca9a53563a22281ea918790c2473750ba3d6903060a0184e28e43 |
memory/1912-614-0x000001FB58AE0000-0x000001FB58C50000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m\prefs-1.js
| MD5 | 2e9f17396b7673f6094a49cd149dcfdd |
| SHA1 | 884ff47d8b6f8f58fefa0c9751b6f64732090022 |
| SHA256 | 8f6edb36a45746d486fc1bc321e1fee7ede1f09607af272cbfaeadccda7e550b |
| SHA512 | e237066c88a8c4136e727389c9f1715cbcbdcb5e7278985fa7923ac4131b98543a5ce05d62ddb7b5597708f9109d360b8b0133d30e7b756598037c2fb96a1fbf |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\extension-preferences.json
| MD5 | b4298c9a240d6b7b63346daf94013802 |
| SHA1 | 9ce98168437854b51b198c16186c05129f0c273b |
| SHA256 | e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5 |
| SHA512 | 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c |
memory/3944-878-0x000001A2B9490000-0x000001A2B94A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\prefs.js
| MD5 | 769da4d37982d019cb9cea9f9c32f398 |
| SHA1 | 36881ee0e8e4097b7466bd2ebe92c0b9771683fd |
| SHA256 | 2210800b9b2b00e42712d62fdc8c80f86424a60ee53eaff74b173b01b2c84818 |
| SHA512 | 90579e13af6f94dc997edcf8de9bc080f3671b1ead59f71b8e0f2a00f35c8dabd868c464552aef54adfca15216fc697ab18414912f20f815c10f09682f38241b |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\startupCache\webext.sc.lz4
| MD5 | 6cb8b06de0098d330a23e41fd0fe2ce2 |
| SHA1 | 8dfe29339475eca118390c468a1ac05e17fbcf72 |
| SHA256 | 35642ed136db075ca82b2c111c86f433475f731320f40063bda26192a419e03f |
| SHA512 | e92d7f469259761679a840a3752eaf2ef8320122ce132b4128fc10ae5bd02c011fd924bf0a291953760f56f5bd8c234550ffdd8fc3fc5de402409400925c5ead |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\prefs.js
| MD5 | 86a4cf1537e1e0a158686fe00b18518d |
| SHA1 | b87dcb957d2b8197561cbe6ff64f3aaac246bd58 |
| SHA256 | 0e021dc28e9affaf18d5d53584ea1016a355f060603e2ec37c2281a2870ed014 |
| SHA512 | 7e7a3e8e53b3ad67db8f8158ba851c72078b34158a9a55f904361bd1ee74568a28e432e05eb19ef01d40f5552f8c7059db2dc88b272499d84a03283acb51de16 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\broadcast-listeners.json
| MD5 | 97c3738563a9448365a735f5f29ed3d5 |
| SHA1 | 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57 |
| SHA256 | 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24 |
| SHA512 | ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\prefs-1.js
| MD5 | c29c130bc9e3d7d5a93208c4e6fe31c2 |
| SHA1 | d91e1e09733c649d19670568ee41edaba06130f8 |
| SHA256 | 072de2c33efabcff17d627e20f4f543c852e4d62f3b7c56c4bc69ea9172b8bad |
| SHA512 | 840301eff7245ceeb63aa1cb82b068a0afb79bfbb48fe0851a7632929640484ab6943b84192a2021d6709c4d021360d4c31a67b3200abac667dca4b730d24687 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\sessionCheckpoints.json
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\sessionCheckpoints.json
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\sessionCheckpoints.json
| MD5 | 2d87ba02e79c11351c1d478b06ca9b29 |
| SHA1 | 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1 |
| SHA256 | 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524 |
| SHA512 | be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\xulstore.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb\user.js
| MD5 | 736db8c9b955f72129a6644a9c797093 |
| SHA1 | 59f1c80c407e27ffe85407a82f7b7250c5ee3753 |
| SHA256 | 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f |
| SHA512 | 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217 |
memory/4060-1202-0x000001B3921F0000-0x000001B392200000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb\prefs.js
| MD5 | 61c87d5fd8090fc89c42287d7ed4a254 |
| SHA1 | 27b3968be027e61077444ee1173fc750a9b52cce |
| SHA256 | 1f4611657a6b9a54955d8a6a59bde7b77380a6a7a361d19c00816102929d7caa |
| SHA512 | aa08eebe8ed6965bee239cbcf2c8eccbd5b594f222c8ef774b973f4b8246464980297d80055e2ab8b48e50d0b16d7fbfde2d7d27a8e575e02215bd959239f81e |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb\prefs.js
| MD5 | 781c71d153770fce737e384e59301f7c |
| SHA1 | 8b8ef39b84c47ec89242977d5ed2f3390d24c182 |
| SHA256 | 7cae70ac33d8631d3176ac03e132746370b4b96fc5ef5ece1e18d3fb3fc45457 |
| SHA512 | 5c4836244f3d8acf01e43ef8d3cd285735709b5c4d42cda8257830a1f6ac8a90a659420038bcf06d114d69e849e25d2ed4713305d0fad09b61bf549093c5c8a3 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb\prefs-1.js
| MD5 | 44a46dac2bbb8812319664b192f86b68 |
| SHA1 | fb67eb9cf424e6fccb541e543d738de9a9186a35 |
| SHA256 | 7ff3860170c92214aadf39dfc4714e8cb78743ce7a475b04a5972c13961bfb0a |
| SHA512 | c9508d0fec4cc577bf7b2373b3d542ef185e011c97e1c313ee983107754bd5d94fc684bb85734b4e325e73cefc351d302ac4a8673df4064aba80ddd14c8b878b |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb\prefs-1.js
| MD5 | 0bb528e1913b9fc67588a7949dad0966 |
| SHA1 | fb0ae6fd4bbc1de93ca758cdb8a5e0a71534c409 |
| SHA256 | c0fb37a62c21da3c8bf9e2083fe68198dfef74daa4ae45a9141a2d6febd7df97 |
| SHA512 | e383dc00851fb89e40e9c749ab15c0b6ce41dccbc1b4be9ff12466d86f5d29ce0dd2247cf2398591198885654e4eadf9d9d2ae4b5ffa34b78791cff73df88df1 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLrB5C6\prefs.js
| MD5 | cfd81452248fd3c901e5fc243a4edb28 |
| SHA1 | 843bc8dfef8829b5bab5341980da6217388d6a62 |
| SHA256 | 7876ad5ed94281f82057da7df29e74318cfea169d0fe8b4748e719ee0508e8dd |
| SHA512 | 3ce926bb78dbe089a6a7134832a6d7b8105ecd2f9a35676a3d05c855939e9127b05f8387808427338e3ec73d60218e6fe091cf9710ec68d526eaecec8069d433 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLrB5C6\prefs-1.js
| MD5 | 43d53ccaec32b7a98c8e5e4589bdfb8f |
| SHA1 | a3b061ba92bddfedf8dbe23c9fcb13561f40daef |
| SHA256 | fb9acaf68665026db12e7fcab1805202499ac7a1b86015ab8e0ed777779f2aad |
| SHA512 | 5046f490eaf9a56ed1bbad639ba2815edcdee7058b64f4381cdfb4a1606c50540115bc0e1450e8eb749650ac0560f9ed106984692d7ddfd6fb693f727411989a |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 00:47
Reported
2024-05-09 00:58
Platform
win10v2004-20240426-en
Max time kernel
276s
Max time network
304s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\medium.exe
"C:\Users\Admin\AppData\Local\Temp\medium.exe"
C:\Users\Admin\AppData\Local\Temp\medium.exe
"C:\Users\Admin\AppData\Local\Temp\medium.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe --port 51441 --websocket-port 51442
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.0.1360793342\245605948" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {f8a50169-5505-4c73-bf91-c3f60e71c2c0} 396 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.1.200396377\1086512177" -childID 1 -isForBrowser -prefsHandle 2840 -prefMapHandle 2836 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {bd154123-f057-4d24-a046-19322b425718} 396 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.2.895771234\67297448" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {419ea5ee-6b01-4a58-87f0-10de585998ef} 396 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.3.1298843043\1920157286" -childID 3 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {57a2ada4-56a1-46ff-a954-6abf9f207658} 396 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.4.1567967952\788471835" -childID 4 -isForBrowser -prefsHandle 4004 -prefMapHandle 3972 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {6b361af7-1035-4944-a21a-39660f7aa744} 396 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.5.1551165886\848395780" -childID 5 -isForBrowser -prefsHandle 4260 -prefMapHandle 4264 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {c726a058-d618-42eb-95c7-dcbca4d1dac7} 396 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.6.2115421974\428953379" -childID 6 -isForBrowser -prefsHandle 4324 -prefMapHandle 4328 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {3e3b1766-4757-4bb3-93d0-9c8b1ab92afe} 396 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe --port 51441 --websocket-port 51442
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.0.1694726555\743480751" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {c8996bfb-4759-4dab-875f-59cd29481956} 1824 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.1.1198350206\1809521959" -childID 1 -isForBrowser -prefsHandle 2556 -prefMapHandle 2376 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {b54941ec-ccb3-4310-a111-2f603daa91b7} 1824 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.2.258244691\775057296" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {1bd1b85e-e5af-4bf5-9984-167771329f05} 1824 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.3.1003952341\229624860" -childID 3 -isForBrowser -prefsHandle 3236 -prefMapHandle 3240 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {45fe77f3-b120-4d86-914d-04aeb4ae0392} 1824 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.4.15298648\1840827261" -childID 4 -isForBrowser -prefsHandle 3884 -prefMapHandle 3864 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {8fba39c2-cc01-4d42-a760-28772a4760cf} 1824 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.5.1172395708\1475423206" -childID 5 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {f3d142e3-1145-4034-8b6b-5744e6898124} 1824 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.6.1281761657\1609146555" -childID 6 -isForBrowser -prefsHandle 4212 -prefMapHandle 4216 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {0a2b8196-e762-4a32-b05a-072a37babafa} 1824 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.7.882198966\710943165" -childID 7 -isForBrowser -prefsHandle 4032 -prefMapHandle 4196 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {f724b5ce-81d2-4a16-9122-963d6e184a1b} 1824 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe --port 51441 --websocket-port 51442
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.0.745493065\1642446620" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {c07f2c16-04be-4e12-8065-040a2f15eeea} 1252 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.1.2043884980\923261766" -childID 1 -isForBrowser -prefsHandle 2608 -prefMapHandle 2688 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {5b458ee5-bcfc-4832-994b-0a4009f27e63} 1252 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.2.828319675\1358993248" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {b851f6de-a137-44f8-aa2e-f3a12ae2d4fb} 1252 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.3.1497958307\996280801" -childID 3 -isForBrowser -prefsHandle 3324 -prefMapHandle 3308 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {cb8ad784-332c-46af-ad18-02f44ffce582} 1252 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.4.1736369041\712044055" -childID 4 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {3b86ca6e-3cb9-434e-b666-756fb7880e9c} 1252 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.5.1243823261\1098644177" -childID 5 -isForBrowser -prefsHandle 4052 -prefMapHandle 4180 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {76dda959-8246-4e57-bd4b-02ab257bbb9c} 1252 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.6.238027538\835599881" -childID 6 -isForBrowser -prefsHandle 4236 -prefMapHandle 4244 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {fb0ad2c0-0c08-49c8-ba76-c7f6cf5d92db} 1252 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.7.1877637045\1281682184" -childID 7 -isForBrowser -prefsHandle 4732 -prefMapHandle 4736 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {90ca92c8-a264-4a3c-a9c0-33f36248e8dc} 1252 tab
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.8.181115202\981382832" -childID 8 -isForBrowser -prefsHandle 8920 -prefMapHandle 8924 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {c18fc45b-b026-48ee-9e80-98e08e110a58} 1252 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 199.249.230.177:443 | tcp | |
| NL | 37.1.201.144:443 | tcp | |
| US | 8.8.8.8:53 | 144.201.1.37.in-addr.arpa | udp |
| KR | 158.247.225.136:9001 | tcp | |
| FR | 45.158.77.29:9600 | tcp | |
| US | 8.8.8.8:53 | 136.225.247.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.77.158.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 2.18.190.77:80 | tcp | |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:51544 | tcp | |
| N/A | 127.0.0.1:51546 | tcp | |
| N/A | 127.0.0.1:51441 | tcp | |
| N/A | 127.0.0.1:51441 | tcp | |
| N/A | 127.0.0.1:51650 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:51658 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.72.205.209:443 | tcp | |
| N/A | 20.72.205.209:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 20.72.205.209:443 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 2.18.121.31:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 2.18.190.77:80 | tcp | |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| N/A | 127.0.0.1:51441 | tcp | |
| N/A | 127.0.0.1:51441 | tcp | |
| N/A | 127.0.0.1:51441 | tcp | |
| N/A | 127.0.0.1:52009 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:52017 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:51441 | tcp | |
| N/A | 127.0.0.1:51441 | tcp | |
| N/A | 127.0.0.1:51441 | tcp | |
| N/A | 127.0.0.1:52375 | tcp | |
| N/A | 127.0.0.1:52383 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI45682\python38.dll
| MD5 | a5ee4fa71fef11f96e91af34bdbf075b |
| SHA1 | 82f5cd96e15ee50f7d5255d657074a4c2f0544d8 |
| SHA256 | 45667e2c024552ded7a98b97225d8702bd35b29e33bc75f111cc349d0388ad25 |
| SHA512 | 1ed82ead67ddaf52db407d1bd83e1b5989072e6760034b285b65e1d6a6c8f9cb2734ecd89163cc2edbf6668529d3e30f3ea41641ca5ddb7aac23b8ef57b7083e |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\base_library.zip
| MD5 | 09f7062e078379845347034c2a63943e |
| SHA1 | 9683dd8ef7d72101674850f3db0e05c14039d5fd |
| SHA256 | 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629 |
| SHA512 | a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\_lzma.pyd
| MD5 | cf9fd17b1706f3044a8f74f6d398d5f1 |
| SHA1 | c5cd0debbde042445b9722a676ff36a0ac3959ad |
| SHA256 | 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4 |
| SHA512 | 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\_ssl.pyd
| MD5 | d4dfd8c2894670e9f8d6302c09997300 |
| SHA1 | c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e |
| SHA256 | 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0 |
| SHA512 | 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\_socket.pyd
| MD5 | 4827652de133c83fa1cae839b361856c |
| SHA1 | 182f9a04bdc42766cfd5fb352f2cb22e5c26665e |
| SHA256 | 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba |
| SHA512 | 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\_queue.pyd
| MD5 | dd146e2fa08302496b15118bf47703cf |
| SHA1 | d06813e2fcb30cbb00bb3893f30c2661686cf4b7 |
| SHA256 | 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051 |
| SHA512 | 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\_hashlib.pyd
| MD5 | 5e5af52f42eaf007e3ac73fd2211f048 |
| SHA1 | 1a981e66ab5b03f4a74a6bac6227cd45df78010b |
| SHA256 | a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b |
| SHA512 | bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\libcrypto-1_1.dll
| MD5 | 78f7f01391d3b2e4449b299512a2506d |
| SHA1 | a282b3b8b05d886a3a936550c4ef81c519f875ba |
| SHA256 | 657dcbfe240b176f6306055c4631ed9c1567b08fdbef44bf739ac2d3a3afa392 |
| SHA512 | 12ed0f3a92248fa3621eaa7d9c103c11fe1efb13465a6fbb5579e6774ecdd8dff9852e16c5463fb7e5d2d439307291481620a104e772738e23a44281b49e1ddb |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\select.pyd
| MD5 | e21cff76db11c1066fd96af86332b640 |
| SHA1 | e78ef7075c479b1d218132d89bf4bec13d54c06a |
| SHA256 | fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28 |
| SHA512 | e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\unicodedata.pyd
| MD5 | 601aee84e12b87ca66826dfc7ca57231 |
| SHA1 | 3a7812433ca7d443d4494446a9ced24b6774ceca |
| SHA256 | d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762 |
| SHA512 | 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\top-1m.csv
| MD5 | 0bb41c540a54e3fd2eee9689c7a4d23a |
| SHA1 | 40062442cb48102a1671749bed9e6cbb369284f0 |
| SHA256 | 94b70bb532a798d6b732267e11a90de78b0a7dd3f8a41ecf1525f52fa8409c86 |
| SHA512 | 3589975776e6cbfcf013e7461212676f6900c930347599e39fd102d37139e9636dce0577ec269d4dc90395c9f53936def2886dfef7fad938fc1a78dc3ed2015c |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\pyexpat.pyd
| MD5 | 2ae23047648257afa90d0ca96811979f |
| SHA1 | 0833cf7ccae477faa4656c74d593d0f59844cadd |
| SHA256 | 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95 |
| SHA512 | 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
| MD5 | 26dd091069531a62061de8ca1c56d46b |
| SHA1 | 6c9daa73f096174f28f86c9bb245cb8a540f5c2d |
| SHA256 | 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a |
| SHA512 | 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | dff7c11471a2f55c9dcdbffacbdd24e6 |
| SHA1 | a86bf99113b0118aaeca6ff79a53d2b1a68b85a8 |
| SHA256 | 88a08a38f16810abfce451d234a6e02bf61a808bce1a897b6dbc399d0e1a90f5 |
| SHA512 | f56698f649e4b688dcc2bd4b4f573bcf5ef4a5464290f82766e5bfe35c9f85ca2d619f6800b86356c31b9d4875d8e46909a07166593da8cca5f612069d836b48 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | f3f55cfed1db00a7ca5b252c8da9daa6 |
| SHA1 | 7d701244151349bee2e580e2b791b1fc47d0f402 |
| SHA256 | 630c7cb6f3d4fb4710faa84302294565a60a1ba723d331cc3002bf73f8d0431c |
| SHA512 | de13880db5aa19cc11562eed00bbf6109d21f1ab0825c97d10c35ce4044e1eebbf7b9fe47a712546cbf129fd75e33cc1f92656742194f01e8dfe652eda1e6f9b |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
| MD5 | 48fcad918c62db97e9af1dba1d131473 |
| SHA1 | d89381594d3241b0e645033f67572a5d8c166764 |
| SHA256 | dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c |
| SHA512 | 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
| MD5 | 41c22c9f81a84b1b0e5ee7ec2ff7c545 |
| SHA1 | d12424cba9e4e9124bf3f15e556c562b95c9b6a3 |
| SHA256 | 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f |
| SHA512 | 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
| MD5 | 797325af481a14ae243f10d5f24b4a0d |
| SHA1 | 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1 |
| SHA256 | 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1 |
| SHA512 | ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
| MD5 | 7f2754df6a4a580b15910f449892766d |
| SHA1 | 9dcaad98563ed89781f53941cbc43db5454de7f5 |
| SHA256 | d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654 |
| SHA512 | 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ecb1dedf5ef99417494e424ca42eb67f |
| SHA1 | e2a293cbba50c6624e75cdaffe472967f3961023 |
| SHA256 | cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be |
| SHA512 | 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
| MD5 | 7abc816e004d9ed0f292770cfa8876cb |
| SHA1 | 4a1eeb702543f0819ef7c64b9f3bfd53be292106 |
| SHA256 | 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e |
| SHA512 | 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe
| MD5 | 0c5db0eb17c8d3d150f83fe1f6f1cdac |
| SHA1 | c4ec34bd1ddfa10b7f9573bd8b78e2156df072a9 |
| SHA256 | 12fc60109b5babb7220ae9b1ba044c03362c14571ddbc0cdbf862b9cf099b716 |
| SHA512 | 5a7312adc507ac1c59ae543d06a943f01214b7e417e9f992beea3a3b782480c8806e42afa96e8eb66ce394a2b6b47052260ed0b509d08e7db0a64f493e85aee7 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
| MD5 | d277f533f1d77e26d09bb66764bbeea6 |
| SHA1 | 082920ebe7dfb870cf94a99fc601fd5ae8b456ee |
| SHA256 | 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3 |
| SHA512 | 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
| MD5 | cbb1daad9fc48ab13e35fcd3621a5999 |
| SHA1 | 0eec8ece735465aea259f8223762f93fb13a97a0 |
| SHA256 | 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da |
| SHA512 | 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
| MD5 | 2c740091198dcf20b9c600791e2bcc3c |
| SHA1 | dd6f376ba9139ddec20ece64da0760054133db96 |
| SHA256 | e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59 |
| SHA512 | a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
| MD5 | 1ed7c2bd7ffbaf447f5206e035d8bdfa |
| SHA1 | 8455c9b465e9abe8a90f394a8ab5fb769b10fe15 |
| SHA256 | aa15d65dde814599e444b377f36d090400b18206edfea6f5d3086be4a01338d9 |
| SHA512 | eb3faeb0ab14060722e69e216ea27907679d02a09965ba2b2757da64a086932ff721ae1d4daf65028c86ca354575a4c1cea6637242925a3f5bd79e176704844d |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
| MD5 | e7a65c5ead519a7b802f991353c26d3d |
| SHA1 | 34cc3c1cf9bd4912dba5fa422010934e46419fa3 |
| SHA256 | 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2 |
| SHA512 | 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
| MD5 | dfa3a4ce64626cc3964d930ba7b9fdcf |
| SHA1 | 530ba947eb29f5e795c14025e3daab79b433a86e |
| SHA256 | e4ba330d49ad29b868f5716e4d137f2cc141aabae38f598832b616a596183472 |
| SHA512 | 1ec099138fbbdc0f01c25ee802467a3b994577a353fa995f4dc45182cca9b5703b98faa46da022af077f7dcb51a466775421e6bcac9d655d395a7f411061e0d3 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | e2e8f9cf938f81b1185086b12c5c9d90 |
| SHA1 | b67c857a7002b3262f09ffc9fa8524c58a01e5b9 |
| SHA256 | a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2 |
| SHA512 | 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f |
C:\Users\Admin\AppData\Local\Temp\tmp33hqo03b\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
| MD5 | d2e8aceaa00ad916618bea2eee81aedf |
| SHA1 | 28b26f0db0b4b2504a418983089795761c56e4a1 |
| SHA256 | fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622 |
| SHA512 | b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
| MD5 | 2ec530a71bdac21f299f9ddb823be222 |
| SHA1 | 5425aaf19c0832cda06be506e88f2435f432d287 |
| SHA256 | ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3 |
| SHA512 | 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
| MD5 | e50a617598b0f635e6f9ae4a9d445b78 |
| SHA1 | a372ec393dd6271bd00cf02f894152887765da8b |
| SHA256 | c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5 |
| SHA512 | e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
| MD5 | b6d7fc9b6ebc5f46500acc52bf6c9808 |
| SHA1 | 4fd8111c436d89b83890e98b4cb7d0343e568340 |
| SHA256 | 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974 |
| SHA512 | 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 8565a303ddc83b03f8662b034597de18 |
| SHA1 | ce6453779eb52055599ddba097a95ab82512ae5b |
| SHA256 | b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd |
| SHA512 | 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
| MD5 | 85de06e3d4c6f39404776f3c7162c59b |
| SHA1 | 3e4b8ecebaa9c903d220ee23d367be8e8ba27619 |
| SHA256 | 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a |
| SHA512 | 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\nss3.dll
| MD5 | ee6037e568307c91667f054b406086a1 |
| SHA1 | 935e33492f71ee268e10334056247ab3dcfd69a5 |
| SHA256 | cefa3b0ea718e5cb5d070e4cb0064192a0590d834e2c71320aeba59e4da013c3 |
| SHA512 | 3b646a2183808981461474077ccce3dfa322a40045d552e08794b90015d14b78cddf26bbb4349be37dbe1e2365fb78d27735ddfa8ead15aaa5ba639731c72e3a |
C:\Users\Admin\AppData\Local\Temp\tmp33hqo03b\webdriver-py-profilecopy\favicons.sqlite
| MD5 | c2bbf83056f1563ba6f1ffef35824532 |
| SHA1 | ee3fe13b20e7948b59bc6d8668369cb79d76af8c |
| SHA256 | 7c5b3ad6c8cc78caa41849987d59924b17ad5cf5de6486f6061c807a7c7268ae |
| SHA512 | 88675fac0932c3d69c73d24bcb1fc10d4c1d7a850a28b7b2994e9a16bc28a31017ffb5306a083f9db0a9eb9293813b9fc69adb763ee51c26b68e3f4b3dd97080 |
C:\Users\Admin\AppData\Local\Temp\tmp33hqo03b\webdriver-py-profilecopy\places.sqlite
| MD5 | 53979ab0bb6af588eafd096e7ddec628 |
| SHA1 | 6a8efe246b23c243d93d8f020b21cc2d49c81816 |
| SHA256 | a0b39a28c4af2db84121332570441aabd2ff293b19e5728424686f0dc87454c7 |
| SHA512 | 3107d390f3588bdae429d05b7c6a3afc5d037cd7957a1b11a59ce493781a7e140a3df0cb8bd1183e6b762dc7254d0448f36673d448d109440920c8d0c664086c |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\mozavutil.dll
| MD5 | 4ecbb73d44518fc2b601a1ac9a38dcad |
| SHA1 | f7c96e85d5b32af8efb784e75164ec4f0c6f4f10 |
| SHA256 | 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52 |
| SHA512 | 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\mozglue.dll
| MD5 | 9647b3d2d168398c6bc9e9d939596971 |
| SHA1 | 0d420aefd2ef229a7030b840796b95f2875d848e |
| SHA256 | 79f51e2545df5509d036b1565bc65f1183234494ddf4fea1541ea797ac541e1f |
| SHA512 | f9d040bed9518cb0098c18abfa3056e78d0507a8e15898172e9c9cbafb3d1aebf2d4ecd1c20e3b00e746105fc56d4da16d949966d9385586e02c080a52d6b04c |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe
| MD5 | f60c542253cbe94f762e15c7b064b55d |
| SHA1 | 7a32f034217266db6d799893edc976e891a82944 |
| SHA256 | 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa |
| SHA512 | 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\_bz2.pyd
| MD5 | a49c5f406456b79254eb65d015b81088 |
| SHA1 | cfc2a2a89c63df52947af3610e4d9b8999399c91 |
| SHA256 | ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced |
| SHA512 | bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\_ctypes.pyd
| MD5 | 291a0a9b63bae00a4222a6df71a22023 |
| SHA1 | 7a6a2aad634ec30e8edb2d2d8d0895c708d84551 |
| SHA256 | 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324 |
| SHA512 | d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\python38.dll
| MD5 | 82cb609d6d313b55ef2182e1710dbe33 |
| SHA1 | 78a68e3f7e79a0f79946cc4a47f9f76ed613f8d3 |
| SHA256 | 9366df6f041b91067dc5027adef7d81b554ca1d8ce28cebef2596e08b18ceb7b |
| SHA512 | de159901a8b69599170a53e4a6b61eddcbcb0c76fddc0eea5aa22af44032b10b45c36287f37cd500db5d88a8db8c96aea25b0d3e02cf91ecf90043fe6aa21081 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp
| MD5 | 583bbac938048639702bcc90dceb8a07 |
| SHA1 | 31c535418288476ea97281f4dbda387c13330d8f |
| SHA256 | 58a85ff18fe4caa723af4e9c7db9db7c9a9406c2b3ec2d3199258ad3d64e28b3 |
| SHA512 | ba0bf1ee9b55e173e131e65317c12bb4663b48157ee5c8962916a5b00409a689e6e58518858c7f4f8b195af9d68eca339779ff901b28af674ebd4940ce82da29 |
C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
| MD5 | 65aa9b0f57d72e4d70e9226322221adc |
| SHA1 | 85fec174d0977afd8c0100c9d9b53c958e1949bf |
| SHA256 | 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410 |
| SHA512 | f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85 |
memory/3036-491-0x00007FFA6C530000-0x00007FFA6C531000-memory.dmp
memory/3036-490-0x00007FFA6C900000-0x00007FFA6C901000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp\prefs.js
| MD5 | 7c8d7fd338ddedaa0519d6d7b05c2f39 |
| SHA1 | 39792d3b6a4d424f9480bc37801ea53f6f4e6bbf |
| SHA256 | fe4fba9e6c4c9cb618129f035af9cd5f672812c4adc1fcd97781e9e55d5d6889 |
| SHA512 | 9211ce5a52d2d4b264e5e920938d4afd80c39b5a3eab94af801f914627a5ee7a5bb3f25ded826e9b31fe184af30ecf077cb05a549fd9149c8cbe265b03a87f6d |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp\extensions.json
| MD5 | 57de1e624fae94f5de26f46f525bb985 |
| SHA1 | 12808b14df3e1f1ffeaa9f48bcceb66ebcc8d3de |
| SHA256 | e8f116fa00384fdf335c2acd28b029fb197c0533e649d4b79b04771d4c1cc065 |
| SHA512 | 76c64778a1a001ca5daa2044c843dd80dcd74c715b1010e54b4e648f1c77d0d553c2f2a9f5e224de1a3a1bf1d7395d6245f2532eb911beb1a953ce1e9c43a10d |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp\prefs-1.js
| MD5 | 3d5bb112051a9fe730521dff9e77a7bd |
| SHA1 | fa083ce79c811e31e728e2fb5ac319605aa65194 |
| SHA256 | ea11952ab0f6447d6a877178e70ee87406fd3222533cf7d129e75729c7609b82 |
| SHA512 | a40739b2714d731f26a3d09707ed7a1d7c15289452074c56026b6d16d73ecfb23f5dda65119167dfe3dd3a918a253e5529ac309344ae28a92068b4a3ed92c279 |
memory/396-572-0x000002A394930000-0x000002A394940000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | f845a5b1377792730e0de040a4da8b0a |
| SHA1 | 36abdbcade0b0ccc433eb2ffdd0f584ea9d3cf7a |
| SHA256 | a32dba9cd7e7644962b3d0e9550e0915cde20dbd35af717210d9b64131180276 |
| SHA512 | 8b21fb9edc0618078c676aee7c5bb61d810faaacfd96126a48e4fc5fef0fa19499f4679100c66c8526529041b0dce1abdf6fa266e055bd974075b2fee4f92a3e |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp\prefs-1.js
| MD5 | b0e8f8ce80bf15aad390e114d3b006a6 |
| SHA1 | 4120c72507736d29782c325b20da4c188eb08b85 |
| SHA256 | bc22a12eac497bc498461705180b1c8c15c76c322451694cd40cdec57b92c337 |
| SHA512 | 7e1b882385c7fa5b43cb69bbef99b70ab3086ef25f52a112791c4e84017130a37918ee94541a9b892b045ec53fa7a6731b50074a1b657e48b43b0cc9223676ec |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp\prefs-1.js
| MD5 | af45a7f2177df1d65a3729a9adc2d0f7 |
| SHA1 | 2848fe457c98056a63628deb2968152d25b74c12 |
| SHA256 | f4ae7e443f30249cc9691490834192525a3515850247ead191fa4b47c1dd2a21 |
| SHA512 | dbfeb240ce2a8a2e278ccb2c8abff8f4df8a47b36d86ae5847306d62bfcd6e4f5e44c6405f0053aabef39b936f24131641c3aad56a42f1d78131cd01e4136a09 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
memory/1824-857-0x0000013D728E0000-0x0000013D728F0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\prefs.js
| MD5 | 21338c94dfcc2e8f547638b325d3bb64 |
| SHA1 | 3d0077c076518760619c22f1af2c13687a9ffeec |
| SHA256 | 7c04cf502ebff1911939abd2641c73d93cfac0060d8ff1c2a73056bceaf689c6 |
| SHA512 | e0950e18d3a6eed65183347e2a58302f84fb1e01c057a4440530ed8d83d529ff0bfc4dee85f94a85a9422e30c0ba4e43aa686e5ef820778fea1602e08ac52b4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\extension-preferences.json
| MD5 | b4298c9a240d6b7b63346daf94013802 |
| SHA1 | 9ce98168437854b51b198c16186c05129f0c273b |
| SHA256 | e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5 |
| SHA512 | 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\startupCache\webext.sc.lz4
| MD5 | a454857cec3998e45a3feb0cc950a90b |
| SHA1 | 7070fb39392b017e8f0af7b38a3f21b82ad67255 |
| SHA256 | b5c7cea7cbbe636aae7322fb9b5f05bd90898a7d5f53278ce5d9b0b6b5eae8b1 |
| SHA512 | fb652c1673341264a4530fe41da0f2834c088a3d9f3c532c83f29bdc4fb475fd519e95f9e1715f8b9f95b002ebb163db67839f322b32eaa5a9b9105021ef7e68 |
memory/1824-916-0x0000013D670F0000-0x0000013D67260000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\prefs.js
| MD5 | d5453f4408e02510846a73773e829fe9 |
| SHA1 | 1e8fbd8caad42efe4d313ebc02a63dccec11df73 |
| SHA256 | 02943f56b0e582e65c9e6c992861e917591f9bfc7e9425218fa6667432d79656 |
| SHA512 | 0a2c915b8337cce000e33e67f85039c9e37a2fbd1f0060340ba722191066d43d010960e313c5b1d014e0a18fdba70bab4c68e0fc3b8cec36f7df6e1b2c74a4c0 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\broadcast-listeners.json
| MD5 | 97c3738563a9448365a735f5f29ed3d5 |
| SHA1 | 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57 |
| SHA256 | 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24 |
| SHA512 | ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\prefs-1.js
| MD5 | 0f33608282b85dc96bdd2cdfdbd068f7 |
| SHA1 | 62d36713722931bb61793cfa88dde626b1b08979 |
| SHA256 | e4d55aeec956a591bd0262908bfbc250955c97475eed78bb554d25a7d04f40a5 |
| SHA512 | 20120b5cc8a3db2afaef0243a66e7ea7c202807a40fd99bd33dc97faa3f906c89e3e00887369ac5d0ead36ce6cbf78fb0da9581a8c877b878ac513bc73526ce0 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\sessionCheckpoints.json
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\sessionCheckpoints.json.tmp
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\sessionCheckpoints.json
| MD5 | 2d87ba02e79c11351c1d478b06ca9b29 |
| SHA1 | 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1 |
| SHA256 | 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524 |
| SHA512 | be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\prefs.js
| MD5 | 2424b6ca842bf08c55abfa26decdf593 |
| SHA1 | 7d64fb1b339f4b205812bf448d0c858171deabfa |
| SHA256 | 0f41ee4e37ea2c4b740c28ac2f03d64f4669585c6a4fa628741cf796cf805735 |
| SHA512 | 75a13d2a7a36128b45f29ba4bdb9816604e5771b92dae2cffbd021940eaa04da799d2313d03571b5ae6e9ddc58d4a00ae2b46bf35c77ad2da0f81b42bf2e79ea |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\xulstore.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx\user.js
| MD5 | 2e16405cea0e4bb1aefd4e547d9b887a |
| SHA1 | 217c324ac7da7325950f2b9bdb6a2c90338497b5 |
| SHA256 | 3fc9f54713aca04ab76324714c9a86d64f791db981967959703094dd5bf518f3 |
| SHA512 | d5b2797c2f81017916656df095cc5eb2b046cdbe619722265db1ace37cc3280674b896ad2443d2778f85a147d1467ec6bdc4ba1d95bf01febbac47f33f925752 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx\startupCache\scriptCache-child-new.bin
| MD5 | 2724d7dd31542eea53805994d9290cd8 |
| SHA1 | 7b5d8536b060269d79848eaa6e2362333bc0f8ec |
| SHA256 | 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1 |
| SHA512 | 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx\prefs-1.js
| MD5 | 4be09fdd3cca803d0e7a74b46d76c3bb |
| SHA1 | a79a90e7ae285950f6bd9d672546059a3f40b469 |
| SHA256 | d653e0da62763d48178fb9e6544f6ec0d8997e3a6f92e002e654d7abc6ac41ab |
| SHA512 | 05768ad188ad270a95110670a2ad9e310ffcf4425cf9d8895b59eae13ac96fdf1b4cc98ecd3b181f53b018ff3fd0bd54a96d97602af05ad87a1b0842dc30933d |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx\sessionCheckpoints.json.tmp
| MD5 | 29ce37dc02c78bbe2e5284d350fae004 |
| SHA1 | bab97d5908ea6592aef6b46cee1ded6f34693fa2 |
| SHA256 | 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693 |
| SHA512 | 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb |