Malware Analysis Report

2025-06-15 20:34

Sample ID: 240509-bwanlsdd38
Target: light.exe
SHA256: 799b31e4431401379cd909fbc8825f27e8a1c7172843a755a623257dd003fdce
Tags: evasion, trojan, pyinstaller
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file light.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Checks whether UAC is enabled

Detects Pyinstaller

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:31

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:29

Reported

2024-05-09 01:41

Platform

win7-20240221-en

Max time kernel

237s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17322\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17322\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1732 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 1576 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 1576 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 2736 wrote to memory of 2752 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1576 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI17322\geckodriver.exe
PID 2872 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17322\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe
PID 1852 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe
PID 1244 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI17322\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17322\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLlLtNU

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLlLtNU

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1244.0.381825992\1801023920" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1152 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {8f4d88d0-75e6-4295-b727-d9f31ac83e80} 1244 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1244.1.1881310176\2047240578" -childID 1 -isForBrowser -prefsHandle 2380 -prefMapHandle 2272 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {bf36228f-f860-4cce-941b-ed1a28635315} 1244 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1244.2.1813955032\147638109" -childID 2 -isForBrowser -prefsHandle 2052 -prefMapHandle 2188 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {be904450-529a-4ac6-bc5c-fddaafc3e38a} 1244 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1244.3.69269812\297606703" -childID 3 -isForBrowser -prefsHandle 1844 -prefMapHandle 2104 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {98f88ed7-b160-4583-9b3b-fcd17de4865a} 1244 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1244.4.620885033\1567118174" -childID 4 -isForBrowser -prefsHandle 1084 -prefMapHandle 940 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {864f301b-00bd-43cc-bdc4-aadbee49e688} 1244 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1244.5.717728014\94679879" -childID 5 -isForBrowser -prefsHandle 2936 -prefMapHandle 2940 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {d7197f78-80e7-4de8-933a-dd15949fd74c} 1244 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1244.6.796768405\2143813200" -childID 6 -isForBrowser -prefsHandle 3096 -prefMapHandle 3100 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {233c657c-833c-4704-b76a-464f541e0240} 1244 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1244.7.659694949\1746483227" -childID 7 -isForBrowser -prefsHandle 3352 -prefMapHandle 2564 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {cf96f4e0-6131-4cca-abfd-c5edb992e367} 1244 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17322\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexBZSVA

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexBZSVA

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.0.70697943\565511263" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {4b9eacb3-6fd5-4d2a-92b7-f10b5b951b7e} 1588 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.1.1182353383\98289961" -childID 1 -isForBrowser -prefsHandle 596 -prefMapHandle 2160 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {5d27dbb0-f2b0-4379-9214-043e96d04c4b} 1588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.2.74134840\1550168678" -childID 2 -isForBrowser -prefsHandle 1640 -prefMapHandle 2240 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {aeae7be6-ad77-49ed-9399-aac1086b0053} 1588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.3.1667436368\1708747295" -childID 3 -isForBrowser -prefsHandle 1932 -prefMapHandle 1728 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {3b077f0b-d802-4393-a574-6619819e0155} 1588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.4.1719462494\398509828" -childID 4 -isForBrowser -prefsHandle 1084 -prefMapHandle 1080 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {7dbb47d3-0955-4347-a3f0-b77764305ef4} 1588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.5.933101789\562308723" -childID 5 -isForBrowser -prefsHandle 2888 -prefMapHandle 2892 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {7907f220-e062-4731-ab76-6037737ed38f} 1588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.6.1218180733\1668601903" -childID 6 -isForBrowser -prefsHandle 3048 -prefMapHandle 3052 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {fdd7f021-4d0a-4f90-bffd-1d4c69773859} 1588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\firefox.exe" -contentproc --channel="1588.7.1141940905\105216881" -childID 7 -isForBrowser -prefsHandle 3380 -prefMapHandle 3384 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17322\Tor Browser\Browser\browser" - {4056233c-cd9a-4c6f-a28a-17bf10e5b1a6} 1588 tab

Network


Files


Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:29

Reported

2024-05-09 01:41

Platform

win10v2004-20240508-en

Max time kernel

301s

Max time network

313s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI6642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 664 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 4372 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 4372 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3352 wrote to memory of 4796 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4372 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI6642\geckodriver.exe
PID 2824 wrote to memory of 208 N/A C:\Users\Admin\AppData\Local\Temp\_MEI6642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe
PID 208 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe
PID 1300 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI6642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI6642\geckodriver.exe --port 52548 --websocket-port 52549

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52549 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3HUU2x

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52549 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3HUU2x

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1300.0.1008512838\1806707514" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {842962e3-17a6-4783-96de-b768676a5031} 1300 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1300.1.1948414086\1898226467" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2916 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {7abac8f3-4155-4c77-9edd-eaa6a7871366} 1300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1300.2.117169299\445732537" -childID 2 -isForBrowser -prefsHandle 3272 -prefMapHandle 3268 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {1c032f17-2628-4724-8ef1-cccca5ff4718} 1300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1300.3.282687211\885812512" -childID 3 -isForBrowser -prefsHandle 3600 -prefMapHandle 3784 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {0581fb01-220e-45b9-a3be-ea33f7d968dd} 1300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1300.4.106461441\1800138306" -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3556 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {9d0eb5f6-cd2c-4fe7-91a9-c56a63a1dfa4} 1300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1300.5.1625564047\600342592" -childID 5 -isForBrowser -prefsHandle 3336 -prefMapHandle 3324 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {16b9a685-73b3-43de-9510-25065e473094} 1300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1300.6.1214440532\808850895" -childID 6 -isForBrowser -prefsHandle 4068 -prefMapHandle 4076 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {1d1c9a7f-e0ad-455f-b376-cc7efe4f6f26} 1300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI6642\geckodriver.exe --port 52548 --websocket-port 52549

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52549 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMNgYMQ

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52549 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMNgYMQ

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.0.1228960563\1673036488" -parentBuildID 20240416150000 -prefsHandle 1664 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {f4fb0f1b-36c3-4b03-98cd-28c6b2d217d1} 4732 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.1.629471616\166817827" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2728 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1208 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {b2c35a96-0505-4b56-a2dc-152a52aaa99c} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.2.503026392\2127709182" -childID 2 -isForBrowser -prefsHandle 3248 -prefMapHandle 3244 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1208 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {030c1be6-b019-4f04-b26c-d45687fde30d} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.3.1183442741\991068304" -childID 3 -isForBrowser -prefsHandle 3368 -prefMapHandle 3364 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1208 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {5578e3ef-be70-4f5f-86af-664f0e6993d2} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.4.1825727678\417580057" -childID 4 -isForBrowser -prefsHandle 3396 -prefMapHandle 3604 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1208 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {2b7e5335-57f6-4cc5-abf0-f5abb93f0db3} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.5.893375662\719121566" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3992 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1208 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {0edec7bf-3925-4be2-8b3e-41d08c5c5eb7} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.6.591859506\1466362890" -childID 6 -isForBrowser -prefsHandle 4204 -prefMapHandle 4216 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1208 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {edee750e-0a0f-4dfb-aa6f-c546b95fd0b0} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.7.288932444\490411410" -childID 7 -isForBrowser -prefsHandle 4552 -prefMapHandle 4608 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1208 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {5a5ea854-18cc-4724-a6f1-6fe098fad823} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI6642\geckodriver.exe --port 52548 --websocket-port 52549

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52549 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2HshqD

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52549 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2HshqD

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.0.1752675098\305737335" -parentBuildID 20240416150000 -prefsHandle 1664 -prefMapHandle 1656 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {7b03ea2b-526f-4076-83e0-dfacddf828e0} 3680 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.1.342586068\1869351479" -childID 1 -isForBrowser -prefsHandle 2632 -prefMapHandle 2628 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {36a84950-0d56-40d7-bb56-f247b93b9074} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.2.1392467702\2129005977" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {522a777b-24d2-4424-ae5a-089485a4dc4d} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.3.908662193\1583970545" -childID 3 -isForBrowser -prefsHandle 3728 -prefMapHandle 3732 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {dc48dcd9-4309-4cc6-a106-fd632a981e98} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.4.240604550\214881244" -childID 4 -isForBrowser -prefsHandle 3680 -prefMapHandle 3692 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {78352088-0085-4b93-86d2-9d785d1388de} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.5.1223091411\799529034" -childID 5 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {b9eb83f8-27b3-4cf5-a2eb-497f0b3bdf13} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.6.1045160749\639409477" -childID 6 -isForBrowser -prefsHandle 3980 -prefMapHandle 4020 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {0a5d6949-6395-49a0-b640-f5d9179fd7f4} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.7.1857666092\1100419121" -childID 7 -isForBrowser -prefsHandle 4492 -prefMapHandle 4500 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {b8b0e860-0c23-4a63-9ae8-aded6228507e} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.8.4800872\1326581234" -childID 8 -isForBrowser -prefsHandle 4308 -prefMapHandle 4316 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI6642\Tor Browser\Browser\browser" - {7bc0f453-77c9-405b-8a44-39c3b755636b} 3680 tab

Network

Files

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:29

Reported

2024-05-09 01:41

Platform

win11-20240426-en

Max time kernel

284s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI38602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3860 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 4968 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 4968 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3240 wrote to memory of 800 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4968 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI38602\geckodriver.exe
PID 2236 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\_MEI38602\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe
PID 2920 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe
PID 2816 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI38602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI38602\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMN1KFs

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMN1KFs

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2816.0.1384234058\521985583" -parentBuildID 20240416150000 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {014b0231-835d-4dde-9a13-407045d18a98} 2816 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2816.1.1026705423\1829525353" -childID 1 -isForBrowser -prefsHandle 1436 -prefMapHandle 1424 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {728926a6-2f8c-4784-8d2a-fb87ccfaf004} 2816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2816.2.189970984\1912054789" -childID 2 -isForBrowser -prefsHandle 3064 -prefMapHandle 3052 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {a2fc763e-8e9e-4591-9e5d-0d28f1ffa571} 2816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2816.3.692786587\1716461202" -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {4795d6e5-76c1-4a56-82db-ff91c00fb138} 2816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2816.4.643600008\899655418" -childID 4 -isForBrowser -prefsHandle 3148 -prefMapHandle 3160 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {516e9df2-018d-44ff-9193-13d7a18d2657} 2816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2816.5.1264990037\189657872" -childID 5 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {6abd75a7-a172-405a-9e6a-eab8b51acbc9} 2816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2816.6.508826261\2145527511" -childID 6 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {9905e0fe-001f-4233-8a20-bf2d864c6ba5} 2816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2816.7.642653586\891514838" -childID 7 -isForBrowser -prefsHandle 4468 -prefMapHandle 3244 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {dfdb25d2-665e-4e50-9261-dbbb2d345627} 2816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2816.8.361039468\710885213" -childID 8 -isForBrowser -prefsHandle 4480 -prefMapHandle 4740 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {6683b5e4-c33e-4054-b052-a6f23b47c9c0} 2816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI38602\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuG7o3G

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuG7o3G

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2636.0.285521679\1680826652" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {0f991bdd-d11f-4fc3-88a1-493c56174eee} 2636 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2636.1.1015526359\174275926" -childID 1 -isForBrowser -prefsHandle 2760 -prefMapHandle 2788 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {5cf5e1cf-b4ad-40b6-b81c-277885c60075} 2636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2636.2.1302605563\1532812646" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {e2dce3cb-40c2-4054-9bf5-3740ebc101b5} 2636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2636.3.199523192\80739147" -childID 3 -isForBrowser -prefsHandle 3196 -prefMapHandle 3200 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {a9f9cf85-4610-4461-9e25-86033b0e0c94} 2636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2636.4.1494807285\1210449085" -childID 4 -isForBrowser -prefsHandle 3136 -prefMapHandle 1792 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {f8cadda8-5f7f-4c57-b2c2-585dee7fcbba} 2636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2636.5.361646322\1575618838" -childID 5 -isForBrowser -prefsHandle 3980 -prefMapHandle 3976 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {25467b18-4774-4eb7-b341-aa8cb46e3502} 2636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2636.6.439684701\1478047721" -childID 6 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {27e4a53e-e9f3-4263-af96-28fe23c4a648} 2636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2636.7.1388145606\45982672" -childID 7 -isForBrowser -prefsHandle 4484 -prefMapHandle 4488 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI38602\Tor Browser\Browser\browser" - {845d938c-f55e-4a6b-b5c9-864a6f3319e1} 2636 tab

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:29

Reported

2024-05-09 01:41

Platform

win7-20231129-en

Max time kernel

294s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2888 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 1204 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 1204 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 444 wrote to memory of 2440 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1204 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI28882\geckodriver.exe
PID 2772 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe
PID 2396 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe
PID 2796 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI28882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI28882\geckodriver.exe --port 49452 --websocket-port 49453

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7CFoTg

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7CFoTg

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.0.2013595188\1627735823" -parentBuildID 20240416150000 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {262f0834-d179-4011-87b6-06d5901b7bb9} 2796 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.1.1563510469\1935397703" -childID 1 -isForBrowser -prefsHandle 2252 -prefMapHandle 2012 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {95e5dc30-cf48-4ace-a9cb-0a746d1034c7} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.2.1793547134\471093809" -childID 2 -isForBrowser -prefsHandle 2236 -prefMapHandle 2256 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {bc6b21b9-dc59-404a-90de-19338a9050ac} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.3.838253547\985753030" -childID 3 -isForBrowser -prefsHandle 2672 -prefMapHandle 1688 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {7a36301d-3430-482c-b768-f9a49ad4f16e} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.4.1841694459\1646488670" -childID 4 -isForBrowser -prefsHandle 1088 -prefMapHandle 1084 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {116441f1-5619-4694-9bb3-6b11e8a374a2} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.5.980827276\71590370" -childID 5 -isForBrowser -prefsHandle 2956 -prefMapHandle 2960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {0384e366-134a-4b6c-9a76-d2634b988f2d} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.6.1108061369\493361860" -childID 6 -isForBrowser -prefsHandle 3116 -prefMapHandle 3120 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {c238797c-c0ac-4f85-a743-d18084825821} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI28882\geckodriver.exe --port 49452 --websocket-port 49453

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRBryLs

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRBryLs

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1800.0.496024525\1829398220" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {3ad6a91b-ea9d-40af-b041-e045efbe313b} 1800 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1800.1.814682863\884103166" -childID 1 -isForBrowser -prefsHandle 1104 -prefMapHandle 948 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {5638dc56-11bf-4b71-93a2-4c1630e453b1} 1800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1800.2.1098002823\746940757" -childID 2 -isForBrowser -prefsHandle 2032 -prefMapHandle 2240 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {eaef1dd1-dd66-412e-a8c9-cfdef57b4db9} 1800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1800.3.513069003\1590217206" -childID 3 -isForBrowser -prefsHandle 2004 -prefMapHandle 2272 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {238f1526-7df0-45d7-979d-535a02d7f502} 1800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1800.4.726951214\1575034202" -childID 4 -isForBrowser -prefsHandle 1080 -prefMapHandle 1076 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {75aa4db5-7f16-472c-bf04-ac53eeda28f8} 1800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1800.5.612736443\23730291" -childID 5 -isForBrowser -prefsHandle 2908 -prefMapHandle 2912 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {4cb67344-20a8-4ca6-a963-bf63c37b6404} 1800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1800.6.1844048964\1377754592" -childID 6 -isForBrowser -prefsHandle 3068 -prefMapHandle 3076 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {1145bfd7-45d4-47a9-bece-030464c95ee9} 1800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1800.7.1804157217\1844891591" -childID 7 -isForBrowser -prefsHandle 3368 -prefMapHandle 3092 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\browser" - {f120bdc0-9a38-40cf-b6ad-7cb58b44831c} 1800 tab

Network

Country Destination Domain Proto
US 207.244.78.230:443 tcp
DE 184.174.38.53:9001 tcp
DE 116.203.64.212:8080 tcp
N/A 127.0.0.1:49497 tcp
N/A 127.0.0.1:49501 tcp
N/A 127.0.0.1:49452 tcp
N/A 127.0.0.1:49649 tcp
N/A 127.0.0.1:49684 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50161 tcp
N/A 127.0.0.1:50196 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI28882\python38.dll
\Users\Admin\AppData\Local\Temp\_MEI28882\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI28882\base_library.zip
\Users\Admin\AppData\Local\Temp\_MEI28882\libffi-7.dll
\Users\Admin\AppData\Local\Temp\_MEI28882\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI28882\libssl-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI28882\top-1m.csv
C:\Users\Admin\AppData\Local\Temp\_MEI28882\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI28882\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI28882\_queue.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI28882\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI28882\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI28882\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI28882\pyexpat.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI28882\nss3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI28882\mozglue.dll
C:\Users\Admin\AppData\Local\Temp\_MEI28882\mozavutil.dll
C:\Users\Admin\AppData\Local\Temp\_MEI28882\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI28882\lgpllibs.dll
C:\Users\Admin\AppData\Local\Temp\_MEI28882\geckodriver.exe
\Users\Admin\AppData\Local\Temp\_MEI28882\_lzma.pyd
\Users\Admin\AppData\Local\Temp\_MEI28882\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Tor\tor.exe
C:\Users\Admin\AppData\Local\Temp\tmpkzolgbi6\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
C:\Users\Admin\AppData\Local\Temp\_MEI28882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7CFoTg\extensions.json
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7CFoTg\prefs.js
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7CFoTg\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRBryLs\sessionCheckpoints.json
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRBryLs\extension-preferences.json
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRBryLs\startupCache\webext.sc.lz4
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRBryLs\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRBryLs\broadcast-listeners.json

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:29

Reported

2024-05-09 01:41

Platform

win10-20240404-en

Max time kernel

292s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2720 wrote to memory of 3608 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 3608 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3608 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3620 wrote to memory of 2148 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3608 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe
PID 320 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe
PID 1248 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe
PID 1628 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0efsxh

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0efsxh

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1628.0.1077875399\35137934" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1440 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {8fb409d4-d197-40cc-8e9c-a0445d09c21b} 1628 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1628.1.1366746731\2001983408" -childID 1 -isForBrowser -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {77a71695-d7c1-4c08-b990-fb8728167743} 1628 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1628.2.1948739586\1372106788" -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {d6965bce-4d85-4edc-aeaa-85de32f0dee4} 1628 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1628.3.1036659555\151684260" -childID 3 -isForBrowser -prefsHandle 3060 -prefMapHandle 3064 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {17698f04-eb75-405f-82ab-fbc66eecc429} 1628 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1628.4.1972808347\1370325229" -childID 4 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {0653545e-5579-4626-82f3-bee4f0a0eead} 1628 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1628.5.113604337\1905040961" -childID 5 -isForBrowser -prefsHandle 3708 -prefMapHandle 3712 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {8c5f048f-5652-4c81-8e0c-40f67e2fefcc} 1628 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1628.6.1258347176\287765327" -childID 6 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {5769673c-14a7-453f-8505-ea71c4af9299} 1628 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.0.1985064838\78441508" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {fcfa94a7-77e5-47b9-bf1b-2e35d4660a15} 4392 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.1.1750551861\1599708815" -childID 1 -isForBrowser -prefsHandle 2484 -prefMapHandle 2448 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {b9fc6a09-5e43-401b-859b-e8d2afe854e4} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.2.1427338529\663428328" -childID 2 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {5d1fabbc-7afc-40bb-bd27-170578dea7bb} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.3.1432089953\1621845280" -childID 3 -isForBrowser -prefsHandle 2968 -prefMapHandle 2956 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {eea68d75-6f7e-4792-8198-fe5ac384381d} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.4.1076065364\684278952" -childID 4 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {8bf63cff-229a-4bd3-99c8-b41c2f8eec0c} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.5.1442124898\1170669400" -childID 5 -isForBrowser -prefsHandle 3764 -prefMapHandle 3760 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {a431a586-11c9-4567-8909-92ae65a2df28} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.6.968459517\708969883" -childID 6 -isForBrowser -prefsHandle 3744 -prefMapHandle 3752 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {eb0be743-a6ae-418b-874a-aa5dedf1734a} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehWUKoH

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehWUKoH

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.0.203386241\66132212" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {415b0ad0-5420-446d-ae46-ec64d8d3f752} 4064 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.1.328735693\159694345" -childID 1 -isForBrowser -prefsHandle 2524 -prefMapHandle 2536 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {f98b21b9-816e-4c01-87fc-8d80c9267f39} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.2.1565224301\1040964067" -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {e2ec0f1e-511c-4644-a5e4-afba9c5a36c0} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.3.836905653\1890009343" -childID 3 -isForBrowser -prefsHandle 3024 -prefMapHandle 3028 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {e39905cd-781a-4048-bacd-98bf4a1dd2f4} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.4.597492295\331440398" -childID 4 -isForBrowser -prefsHandle 3796 -prefMapHandle 3792 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {3cf670bb-369c-4542-b3f1-5cf33629dd95} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.5.1672257095\550894932" -childID 5 -isForBrowser -prefsHandle 3224 -prefMapHandle 3004 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {aae02135-42d7-4f5c-a43e-3270a645dcea} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.6.1576532481\1292989811" -childID 6 -isForBrowser -prefsHandle 4060 -prefMapHandle 4064 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {6b1a6fb5-2ffd-4757-ba9a-49b0f2dc53ed} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRMmG7D

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRMmG7D

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.0.920088767\834610134" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {d16fa548-0b27-4464-aa56-04d8e5b2b8f9} 2852 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.1.387409075\814610252" -childID 1 -isForBrowser -prefsHandle 2056 -prefMapHandle 2108 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1148 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {9c48fe8a-297c-4c27-a5d2-78e015f6bc54} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.2.242367786\817007115" -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1148 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {ee700f8d-311d-4574-96c9-a6acba2a1441} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.3.1392444406\279680489" -childID 3 -isForBrowser -prefsHandle 3536 -prefMapHandle 3540 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1148 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {e3d67de8-91db-49fa-a0aa-f17322dda295} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.4.1447094577\2090984115" -childID 4 -isForBrowser -prefsHandle 2396 -prefMapHandle 2144 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1148 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {565569f7-415e-4a76-9022-c2740fee0333} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.5.1544949019\1165134029" -childID 5 -isForBrowser -prefsHandle 3052 -prefMapHandle 3056 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1148 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {341c1382-c42d-460e-8a96-78a068136ba7} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.6.479889395\1793643685" -childID 6 -isForBrowser -prefsHandle 3104 -prefMapHandle 2944 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1148 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {257b0aee-834a-43d0-a6c5-60433a11f67a} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.7.1098292025\1531884019" -childID 7 -isForBrowser -prefsHandle 4276 -prefMapHandle 4280 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1148 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {05ba3f16-d389-4b1c-a1a4-6b1743823c8d} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.8.851867007\1333902957" -childID 8 -isForBrowser -prefsHandle 8420 -prefMapHandle 8396 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1148 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\browser" - {6ffd660b-e17d-4d74-a8de-32f81edff352} 2852 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI27202\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI27202\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27202\base_library.zip

\Users\Admin\AppData\Local\Temp\_MEI27202\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27202\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI27202\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27202\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27202\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27202\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27202\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27202\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27202\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI27202\_hashlib.pyd

\Users\Admin\AppData\Local\Temp\_MEI27202\select.pyd

\Users\Admin\AppData\Local\Temp\_MEI27202\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI27202\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27202\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27202\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27202\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpdj534ex1\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI27202\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27202\geckodriver.exe

\Users\Admin\AppData\Local\Temp\_MEI27202\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27202\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0efsxh\extensions.json

memory/1628-575-0x0000014E843E0000-0x0000014E84550000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0efsxh\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0efsxh\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\sessionCheckpoints.json

memory/4392-788-0x000001481C7A0000-0x000001481C7B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2x4zEM\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehWUKoH\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehWUKoH\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehWUKoH\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehWUKoH\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRMmG7D\datareporting\glean\db\data.safe.tmp

memory/2852-1329-0x0000013C8E190000-0x0000013C8E1A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRMmG7D\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRMmG7D\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRMmG7D\prefs-1.js
