Analysis Overview
SHA256
799b31e4431401379cd909fbc8825f27e8a1c7172843a755a623257dd003fdce
Threat Level: Shows suspicious behavior
The file light.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Checks whether UAC is enabled
Detects Pyinstaller
Enumerates physical storage devices
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 01:31
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-09 01:29
Reported
2024-05-09 01:41
Platform
win11-20240426-en
Max time kernel
296s
Max time network
306s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\light.exe
"C:\Users\Admin\AppData\Local\Temp\light.exe"
C:\Users\Admin\AppData\Local\Temp\light.exe
"C:\Users\Admin\AppData\Local\Temp\light.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI49722\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI49722\geckodriver.exe --port 50003 --websocket-port 50004
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVRy6S6
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVRy6S6
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2728.0.198903558\592919055" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {f389f95b-b2e0-42f9-beed-abbed6f6db02} 2728 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2728.1.752905956\2050768108" -childID 1 -isForBrowser -prefsHandle 2596 -prefMapHandle 2416 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {7da31e4f-2634-45fd-83de-67dcba64bfe0} 2728 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2728.2.1456215400\584415263" -childID 2 -isForBrowser -prefsHandle 2968 -prefMapHandle 2980 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {dd7e1097-58a2-4fd3-baed-5870973e177c} 2728 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2728.3.1416688142\1769619880" -childID 3 -isForBrowser -prefsHandle 3196 -prefMapHandle 3644 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {ba03c8f6-33ae-4268-9f8c-251b3ba2625a} 2728 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2728.4.475468676\1116288145" -childID 4 -isForBrowser -prefsHandle 3812 -prefMapHandle 3080 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {4b7faeae-1fbb-4771-a832-299d384a462c} 2728 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2728.5.959452388\1820253994" -childID 5 -isForBrowser -prefsHandle 3728 -prefMapHandle 3384 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {4217e068-8043-457c-a77f-88a245a44eb8} 2728 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2728.6.2073467337\1424640227" -childID 6 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {7c3513f8-f86d-4d7b-9698-cba544be0e1f} 2728 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI49722\geckodriver.exe --port 50003 --websocket-port 50004
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1932.0.1681762135\1346177635" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {cafc72db-d155-4b3f-9de6-2092788c923d} 1932 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1932.1.262657158\453983043" -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {95f2c205-96d5-4494-a4f3-d7da38f7244d} 1932 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1932.2.1523912668\132154001" -childID 2 -isForBrowser -prefsHandle 3060 -prefMapHandle 3056 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {d273846a-ea48-443c-a708-a33fff5bcb5c} 1932 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1932.3.1924004127\1499325305" -childID 3 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {063b6c02-64c4-40a6-8951-aaec155ad3d4} 1932 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1932.4.1848915750\176827040" -childID 4 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {022dd183-6bfd-4529-acfc-634a69d65a2f} 1932 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1932.5.1316782590\268569541" -childID 5 -isForBrowser -prefsHandle 3824 -prefMapHandle 3828 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {29e715ee-23ca-40ee-ba66-39862aa1162d} 1932 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1932.6.1735379678\462360464" -childID 6 -isForBrowser -prefsHandle 4088 -prefMapHandle 4084 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {7ae6da5b-9601-45ec-b989-bc7ad1bbd588} 1932 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI49722\geckodriver.exe --port 50003 --websocket-port 50004
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletvEowv
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletvEowv
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="540.0.1849915012\3687101" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {e60a0d9a-2901-4d87-9283-984bc6922fb9} 540 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="540.1.894917782\1112521452" -childID 1 -isForBrowser -prefsHandle 2616 -prefMapHandle 2564 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {d83207c5-6593-4ba6-bf1c-b6a96ae513af} 540 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="540.2.1215968310\1185890562" -childID 2 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {fbbf1add-4775-45db-a4d5-51bb870d7605} 540 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="540.3.1223753178\2097537548" -childID 3 -isForBrowser -prefsHandle 3456 -prefMapHandle 3444 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {e721a137-f9ca-4455-97fd-64072f2e0279} 540 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="540.4.1480125363\340008693" -childID 4 -isForBrowser -prefsHandle 1552 -prefMapHandle 1548 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {d751800b-2790-46ee-8938-07653f768685} 540 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="540.5.191848991\9860242" -childID 5 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {46cf3c19-bcd1-4cf9-bef0-b11aca7ffba9} 540 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="540.6.110587774\401076578" -childID 6 -isForBrowser -prefsHandle 3940 -prefMapHandle 3944 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {680f7cc5-597f-4ad5-9ef2-846125c85ef3} 540 tab
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe" -contentproc --channel="540.7.785323022\578414751" -childID 7 -isForBrowser -prefsHandle 4364 -prefMapHandle 4360 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\browser" - {a91d4feb-c755-49fd-b2e9-b3b97fe6de02} 540 tab
Network
| Country | Destination | Domain | Proto |
| DE | 178.254.36.99:443 | tcp | |
| US | 8.8.8.8:53 | 99.36.254.178.in-addr.arpa | udp |
| PL | 45.138.16.107:7430 | tcp | |
| US | 8.8.8.8:53 | 107.16.138.45.in-addr.arpa | udp |
| DE | 195.201.204.149:443 | tcp | |
| DE | 89.58.58.209:443 | tcp | |
| N/A | 127.0.0.1:50106 | tcp | |
| N/A | 127.0.0.1:50108 | tcp | |
| N/A | 127.0.0.1:50003 | tcp | |
| N/A | 127.0.0.1:50003 | tcp | |
| N/A | 127.0.0.1:50208 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50220 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50003 | tcp | |
| N/A | 127.0.0.1:50003 | tcp | |
| N/A | 127.0.0.1:50003 | tcp | |
| N/A | 127.0.0.1:50533 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50541 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| FI | 95.216.12.30:8000 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50003 | tcp | |
| N/A | 127.0.0.1:50003 | tcp | |
| N/A | 127.0.0.1:50003 | tcp | |
| N/A | 127.0.0.1:50851 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50859 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| DE | 194.36.147.125:9001 | tcp | |
| DE | 5.9.121.207:443 | tcp | |
| ES | 79.116.53.116:9002 | tcp | |
| US | 8.8.8.8:53 | 116.53.116.79.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI49722\python38.dll
| MD5 | 26ba25d468a778d37f1a24f4514d9814 |
| SHA1 | b64fe169690557656ede3ae50d3c5a197fea6013 |
| SHA256 | 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128 |
| SHA512 | 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\_ctypes.pyd
| MD5 | 291a0a9b63bae00a4222a6df71a22023 |
| SHA1 | 7a6a2aad634ec30e8edb2d2d8d0895c708d84551 |
| SHA256 | 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324 |
| SHA512 | d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\_bz2.pyd
| MD5 | a49c5f406456b79254eb65d015b81088 |
| SHA1 | cfc2a2a89c63df52947af3610e4d9b8999399c91 |
| SHA256 | ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced |
| SHA512 | bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\_ssl.pyd
| MD5 | d4dfd8c2894670e9f8d6302c09997300 |
| SHA1 | c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e |
| SHA256 | 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0 |
| SHA512 | 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\_socket.pyd
| MD5 | 4827652de133c83fa1cae839b361856c |
| SHA1 | 182f9a04bdc42766cfd5fb352f2cb22e5c26665e |
| SHA256 | 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba |
| SHA512 | 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\_queue.pyd
| MD5 | dd146e2fa08302496b15118bf47703cf |
| SHA1 | d06813e2fcb30cbb00bb3893f30c2661686cf4b7 |
| SHA256 | 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051 |
| SHA512 | 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\_hashlib.pyd
| MD5 | 5e5af52f42eaf007e3ac73fd2211f048 |
| SHA1 | 1a981e66ab5b03f4a74a6bac6227cd45df78010b |
| SHA256 | a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b |
| SHA512 | bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\unicodedata.pyd
| MD5 | 601aee84e12b87ca66826dfc7ca57231 |
| SHA1 | 3a7812433ca7d443d4494446a9ced24b6774ceca |
| SHA256 | d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762 |
| SHA512 | 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\top-1m.csv
| MD5 | ba0857be5e9736dde1f5cc44edd5d21b |
| SHA1 | b130759907909cc97bfe0d9a1fd65b8942c931aa |
| SHA256 | 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca |
| SHA512 | 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\select.pyd
| MD5 | e21cff76db11c1066fd96af86332b640 |
| SHA1 | e78ef7075c479b1d218132d89bf4bec13d54c06a |
| SHA256 | fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28 |
| SHA512 | e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\pyexpat.pyd
| MD5 | 2ae23047648257afa90d0ca96811979f |
| SHA1 | 0833cf7ccae477faa4656c74d593d0f59844cadd |
| SHA256 | 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95 |
| SHA512 | 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\libcrypto-1_1.dll
| MD5 | 89511df61678befa2f62f5025c8c8448 |
| SHA1 | df3961f833b4964f70fcf1c002d9fd7309f53ef8 |
| SHA256 | 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf |
| SHA512 | 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\nss3.dll
| MD5 | 71747091d34cc634b9ad3c360b45b0a9 |
| SHA1 | 111cf483836f6a392f64bc9398a327be1c43dfc8 |
| SHA256 | 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf |
| SHA512 | b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\mozglue.dll
| MD5 | 3e4d1ec1d2a6e85593459601b5a0a828 |
| SHA1 | 92ee422285282dcb170cbc7808299d14d8d27963 |
| SHA256 | eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5 |
| SHA512 | 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
| MD5 | e7a65c5ead519a7b802f991353c26d3d |
| SHA1 | 34cc3c1cf9bd4912dba5fa422010934e46419fa3 |
| SHA256 | 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2 |
| SHA512 | 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
| MD5 | 41c22c9f81a84b1b0e5ee7ec2ff7c545 |
| SHA1 | d12424cba9e4e9124bf3f15e556c562b95c9b6a3 |
| SHA256 | 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f |
| SHA512 | 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
| MD5 | 797325af481a14ae243f10d5f24b4a0d |
| SHA1 | 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1 |
| SHA256 | 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1 |
| SHA512 | ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
| MD5 | 7f2754df6a4a580b15910f449892766d |
| SHA1 | 9dcaad98563ed89781f53941cbc43db5454de7f5 |
| SHA256 | d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654 |
| SHA512 | 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ecb1dedf5ef99417494e424ca42eb67f |
| SHA1 | e2a293cbba50c6624e75cdaffe472967f3961023 |
| SHA256 | cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be |
| SHA512 | 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
| MD5 | 7abc816e004d9ed0f292770cfa8876cb |
| SHA1 | 4a1eeb702543f0819ef7c64b9f3bfd53be292106 |
| SHA256 | 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e |
| SHA512 | 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
| MD5 | d277f533f1d77e26d09bb66764bbeea6 |
| SHA1 | 082920ebe7dfb870cf94a99fc601fd5ae8b456ee |
| SHA256 | 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3 |
| SHA512 | 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
| MD5 | cbb1daad9fc48ab13e35fcd3621a5999 |
| SHA1 | 0eec8ece735465aea259f8223762f93fb13a97a0 |
| SHA256 | 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da |
| SHA512 | 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
| MD5 | 2c740091198dcf20b9c600791e2bcc3c |
| SHA1 | dd6f376ba9139ddec20ece64da0760054133db96 |
| SHA256 | e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59 |
| SHA512 | a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
| MD5 | b6d7fc9b6ebc5f46500acc52bf6c9808 |
| SHA1 | 4fd8111c436d89b83890e98b4cb7d0343e568340 |
| SHA256 | 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974 |
| SHA512 | 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
| MD5 | 48fcad918c62db97e9af1dba1d131473 |
| SHA1 | d89381594d3241b0e645033f67572a5d8c166764 |
| SHA256 | dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c |
| SHA512 | 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
| MD5 | 0351b833a5c095852e821535974441c8 |
| SHA1 | bcbf5c294852c2d80af7862d19791b994aea7706 |
| SHA256 | dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef |
| SHA512 | 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | e2e8f9cf938f81b1185086b12c5c9d90 |
| SHA1 | b67c857a7002b3262f09ffc9fa8524c58a01e5b9 |
| SHA256 | a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2 |
| SHA512 | 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
| MD5 | d2e8aceaa00ad916618bea2eee81aedf |
| SHA1 | 28b26f0db0b4b2504a418983089795761c56e4a1 |
| SHA256 | fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622 |
| SHA512 | b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
| MD5 | 2ec530a71bdac21f299f9ddb823be222 |
| SHA1 | 5425aaf19c0832cda06be506e88f2435f432d287 |
| SHA256 | ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3 |
| SHA512 | 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
| MD5 | 26dd091069531a62061de8ca1c56d46b |
| SHA1 | 6c9daa73f096174f28f86c9bb245cb8a540f5c2d |
| SHA256 | 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a |
| SHA512 | 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
| MD5 | e50a617598b0f635e6f9ae4a9d445b78 |
| SHA1 | a372ec393dd6271bd00cf02f894152887765da8b |
| SHA256 | c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5 |
| SHA512 | e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
| MD5 | 85de06e3d4c6f39404776f3c7162c59b |
| SHA1 | 3e4b8ecebaa9c903d220ee23d367be8e8ba27619 |
| SHA256 | 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a |
| SHA512 | 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 8565a303ddc83b03f8662b034597de18 |
| SHA1 | ce6453779eb52055599ddba097a95ab82512ae5b |
| SHA256 | b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd |
| SHA512 | 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
| MD5 | 2eeb46e1c58ff1cce4ac2d4d725b2cc6 |
| SHA1 | 89aa36e77e51da31fbbfd682a2acc91f6016d275 |
| SHA256 | e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a |
| SHA512 | 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | fd5225eac6a4da3c904ac0c620646f46 |
| SHA1 | 9993f18fa6092d2acabecf7c7e9a19c2c66f2627 |
| SHA256 | cd7d8187bc2088d4c3e21521b9966f839ddcb942b272359da552034acb2ed073 |
| SHA512 | f4efbf3d9a55a6addc51d350e686099503029d9c35ebd77ef0f7356b1af40297d1c425c868bc08f1a3dc471e8b8be4e4740ff71bd2ff4826d3fd1bafd52c7f12 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | 609ed4a7738d4fa849ca0dcc8b7dcee9 |
| SHA1 | 4d64964c371c9f7e244c321a9530b55010625e8b |
| SHA256 | 6cb41969da3319d6e6be5d03240a9590d759ca0c0ca3a0eb884619b9da3eed39 |
| SHA512 | 6b4685b0c67d7c7aabebd31fc4700573654911e6d92035aa0606d859dde5f45c20d3ec5508376f59ed338dd710c57a9841937969ad8b1744a251abc6ec655f23 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\mozavutil.dll
| MD5 | 4ecbb73d44518fc2b601a1ac9a38dcad |
| SHA1 | f7c96e85d5b32af8efb784e75164ec4f0c6f4f10 |
| SHA256 | 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52 |
| SHA512 | 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\geckodriver.exe
| MD5 | f60c542253cbe94f762e15c7b064b55d |
| SHA1 | 7a32f034217266db6d799893edc976e891a82944 |
| SHA256 | 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa |
| SHA512 | 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\_lzma.pyd
| MD5 | cf9fd17b1706f3044a8f74f6d398d5f1 |
| SHA1 | c5cd0debbde042445b9722a676ff36a0ac3959ad |
| SHA256 | 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4 |
| SHA512 | 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\base_library.zip
| MD5 | 09f7062e078379845347034c2a63943e |
| SHA1 | 9683dd8ef7d72101674850f3db0e05c14039d5fd |
| SHA256 | 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629 |
| SHA512 | a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34 |
C:\Users\Admin\AppData\Local\Temp\_MEI49722\Tor Browser\Browser\firefox.exe
| MD5 | 65aa9b0f57d72e4d70e9226322221adc |
| SHA1 | 85fec174d0977afd8c0100c9d9b53c958e1949bf |
| SHA256 | 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410 |
| SHA512 | f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus
| MD5 | 80e882ce8268212cf4db9fbe44f95336 |
| SHA1 | 85abc152168a20d8db2c6501aa43a97ea72efc8c |
| SHA256 | 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937 |
| SHA512 | eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5 |
memory/3724-491-0x00007FFCE6E80000-0x00007FFCE6E81000-memory.dmp
memory/3724-490-0x00007FFCE5650000-0x00007FFCE5651000-memory.dmp
memory/2728-546-0x0000018586640000-0x0000018586650000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVRy6S6\extensions.json
| MD5 | cb0cbf64cbffc3fc3ef3cdcd83b72c14 |
| SHA1 | 4b82b17593a17dd19c2d2b9a06eb938e2157d74f |
| SHA256 | d58761e25d05759c9dbe58e04d9a6097854c45405dbcf1b36c67d25683798389 |
| SHA512 | d8ec8889f6551c5a9d2032c2d8dee6cc894531b6c987ac383f50729f318cc0249710b1a01d6d106f7dd082d0d7e4322c75fb7f4d2361a4aa36f0fbb0e84dd451 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVRy6S6\prefs.js
| MD5 | d979e6c17e38a55158c7be7ee84a3c86 |
| SHA1 | e01bdf1c8f6765f6eb5bab86a72fcd4db08cdd89 |
| SHA256 | 575db317172426793e46daa2cac6667097ca63da84a29584d80dbe150b42ccd0 |
| SHA512 | 7905ace30235462bc6e260c8d989d804b3206d1ab942cb62f3cc9ba33ada9af67477a83b47f9aa44dbb6c25131a678bcc7c89314b876bbbf37960dd6ffaaa095 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 821db4707d1a0c3ab4e69d13c4b0d112 |
| SHA1 | d099560b2c469606699517f19f3541476e5b4cf9 |
| SHA256 | 462b12e89215d1f28e236e8dbbb41c0e8b77e5e64d12f61695dd254997922b98 |
| SHA512 | 08c7de6703d13a643d1c24fb952a0fccbc26b07690592cfb6120b63298d8ac0c442b59d73c9056a7e441db4c18201bfdec9245044cc44e76c748ae0e0b74a4a2 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVRy6S6\prefs-1.js
| MD5 | a0f76ad687b84aa78b1984c6a5f12fc8 |
| SHA1 | f4f78d205cd25a25692659f6ecb4753209443cb4 |
| SHA256 | 7298a857fb44773bc10b88535ee01e7441962bb1cf3353723027efc9d252b3e4 |
| SHA512 | 95ea32e4571c45f8d86dcc1b0e040bab0a4e315010d28d7e5ee5ac162c5a8635debb269656a1b6d9f762a85f2ab080b9284236ee0760375ffb65c11d3915794c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVRy6S6\prefs-1.js
| MD5 | 5009207c1a2ace059965de81e753e9f4 |
| SHA1 | 8b1522c735370a20010f177226fe067f1fb0979d |
| SHA256 | 6bae111213dbde5448f60c751845e9b85a5bb243cee3e203786d187a41cc49a0 |
| SHA512 | 30d165b194a3b919952d7d797433169013e83d87cbe6e9ebef87383489accf566c0972aacea23f2cf66a590433f804efefe5d1c02eee7129a4f504ba9cb80a8e |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
memory/1932-834-0x000002A8A2EE0000-0x000002A8A2EF0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\extension-preferences.json
| MD5 | b4298c9a240d6b7b63346daf94013802 |
| SHA1 | 9ce98168437854b51b198c16186c05129f0c273b |
| SHA256 | e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5 |
| SHA512 | 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\prefs.js
| MD5 | ccaaaf5fb9cb12c854a4a9fe44e1cc74 |
| SHA1 | 0cffa5599eb0f47c18658544dcdfd216aa687c2a |
| SHA256 | d4d300618b0e65d55ce2526b648296e619b467ab9208da62b12efaa2c27ae93a |
| SHA512 | 9dd92cd1dc535b14b647ffbb15238bc5d16536c936dab5b7804ffb6453c00f9f74613c3d546f1bb49322fc4d90b7f594b574be2a430aae99440d59c843e27dff |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\startupCache\webext.sc.lz4
| MD5 | c433ecf72e071b68f63b729b15f25bf8 |
| SHA1 | b556eb78e295151151f9bd5329762832aaa72889 |
| SHA256 | 83528ff5d411d2dd52b78ac73377acdbcf3e8815e7914551be963385ff80c7bd |
| SHA512 | f9faad2b036cb17564b9694be3dedebee3f885a36cada8feabf1f9358605207350c02bcb8afb0357e675648d414deef8149b24d44a7d827efc4bb34ef83f0a86 |
memory/1932-891-0x000002A89EA50000-0x000002A89EBC0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\prefs.js
| MD5 | 84e14237be54ec0124164b2978c0caf1 |
| SHA1 | 9e7a31238172909250a8582fccc191528cf0b46a |
| SHA256 | 3a48362215e786ee74512a83e6d94333de957699980a26b15a97ea32d2a13541 |
| SHA512 | e78e1055a25a9242027286994273f55c0a5a533a3335788162f68b8d20f66800144ee996092e390ba494d67ed57efce73537e07b471eadaa6aebb40e64270aac |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\broadcast-listeners.json
| MD5 | 97c3738563a9448365a735f5f29ed3d5 |
| SHA1 | 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57 |
| SHA256 | 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24 |
| SHA512 | ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\prefs-1.js
| MD5 | 37a2e3e5ac10a89ec445bcd71cd19fd9 |
| SHA1 | c6991c251761156e66a04db8c35e4cfc1e30bfb9 |
| SHA256 | bfb4e90d48889e99b03e702e0013a659ac829307be4631e9695b3518ee78cf18 |
| SHA512 | d5e6fb35a628c69c07c7631911780c6675088d76001e6ce8d62aaec02652c19c70ff68684194fe0c179219cb747471f2ca2e9762ad3c36889dc25aa3f918e80a |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\sessionCheckpoints.json
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\sessionCheckpoints.json
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\sessionCheckpoints.json
| MD5 | 2d87ba02e79c11351c1d478b06ca9b29 |
| SHA1 | 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1 |
| SHA256 | 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524 |
| SHA512 | be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\xulstore.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledeJiNO\datareporting\glean\db\data.safe.tmp
| MD5 | 63b1bb87284efe954e1c3ae390e7ee44 |
| SHA1 | 75b297779e1e2a8009276dd8df4507eb57e4e179 |
| SHA256 | b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a |
| SHA512 | f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletvEowv\user.js
| MD5 | b833e8a595ef1d446438c7ee518c3d7c |
| SHA1 | 86ced15d1b32ce9763ce300411f63c8cbe1137e3 |
| SHA256 | 2099bf81e78625976e4d54565ff12877c0e14a344ea61d36902b81f93e2f41df |
| SHA512 | 25e2b3dc64651700a2088e7d7627a7d878c66aa6add9ee42ace68c8e9da6f6b92ab300c77caa54be212a10ddd12abec84b24fa6faca4205c267b44e8bd546f42 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletvEowv\startupCache\scriptCache-child-new.bin
| MD5 | 2724d7dd31542eea53805994d9290cd8 |
| SHA1 | 7b5d8536b060269d79848eaa6e2362333bc0f8ec |
| SHA256 | 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1 |
| SHA512 | 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletvEowv\prefs-1.js
| MD5 | 54f0db91eed4678d47fd111b1eed4d79 |
| SHA1 | a86fd6fe5e062d0ce8f707067e47e750eeb58007 |
| SHA256 | 24d618ed7e3b01f41a803c4afe272839ff217aa4bd2298800fa0ccc5b16e25e2 |
| SHA512 | a1c46b61d63fa14de8f191a7b4702ae85637470fe25c1a8500d9b1788d9743f04fe6410889d45d1e7604107a297e76b459a291cd6972f51f859295ea9a0b37a4 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletvEowv\prefs-1.js
| MD5 | 793ccb16e99a297501061760454928d4 |
| SHA1 | 8814c50fb7a15e5cdb2804f735126d6048746844 |
| SHA256 | 726fc5d5277038ceff696f07a8529aa07993bf88ba49ead315966b0861aab62a |
| SHA512 | b3bb7d13109a241acb91245b622f9b6ed1842442741d10c75c92797f8b0e7cb339ce370b56946682aae0fbb594e1affba102fbffe12d8b81e84131898cb079d4 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 01:29
Reported
2024-05-09 01:41
Platform
win7-20240221-en
Max time kernel
300s
Max time network
125s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\light.exe
"C:\Users\Admin\AppData\Local\Temp\light.exe"
C:\Users\Admin\AppData\Local\Temp\light.exe
"C:\Users\Admin\AppData\Local\Temp\light.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI26962\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI26962\geckodriver.exe --port 49466 --websocket-port 49467
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevhT9gz
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevhT9gz
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.0.1732348376\107971220" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {0d827c60-08eb-4cef-ac11-47ca3b17b8f9} 2472 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.1.1747309180\283318243" -childID 1 -isForBrowser -prefsHandle 1780 -prefMapHandle 1684 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {f30788db-41d9-403d-8ee5-ba740ee3048f} 2472 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.2.483585415\1242024655" -childID 2 -isForBrowser -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {cc2a6076-5437-4b78-8d1e-895ff8342133} 2472 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.3.300472830\1304388037" -childID 3 -isForBrowser -prefsHandle 2580 -prefMapHandle 2304 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {bc104321-1539-417c-9378-149a28263334} 2472 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.4.764352135\471514828" -childID 4 -isForBrowser -prefsHandle 2856 -prefMapHandle 2852 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {6d23ce53-a160-4f2e-881e-6161dff33625} 2472 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.5.1678480424\544056889" -childID 5 -isForBrowser -prefsHandle 2984 -prefMapHandle 2988 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {e7fec1dc-1e8d-4035-859a-fe6ccba0f64d} 2472 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.6.1820656662\1044078741" -childID 6 -isForBrowser -prefsHandle 3136 -prefMapHandle 3140 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {2a544b82-fc6e-42bd-b833-36ebe8bf8c5c} 2472 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI26962\geckodriver.exe --port 49466 --websocket-port 49467
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2952.0.4973080\1371954164" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {9dcea85d-b029-4faf-8b1b-32a2312e1e14} 2952 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2952.1.1254094135\282596234" -childID 1 -isForBrowser -prefsHandle 2000 -prefMapHandle 1860 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 900 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {c104a849-48f6-4630-970a-812df0c07e12} 2952 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2952.2.1746511786\730947076" -childID 2 -isForBrowser -prefsHandle 2248 -prefMapHandle 2244 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 900 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {463e21d1-bad6-4e6c-91f5-24b0fa814e2c} 2952 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2952.3.28366938\1823534332" -childID 3 -isForBrowser -prefsHandle 2328 -prefMapHandle 2408 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 900 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {77c2cdb1-d0a3-4336-85d6-0582d28bfd22} 2952 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2952.4.431659518\1695597804" -childID 4 -isForBrowser -prefsHandle 2412 -prefMapHandle 2452 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 900 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {acada9ed-da50-4a54-ba43-1955220bf8cc} 2952 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2952.5.479232122\1333781422" -childID 5 -isForBrowser -prefsHandle 2940 -prefMapHandle 2944 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 900 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {607e87ee-05ce-49c2-969d-f4f937a206cd} 2952 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2952.6.1952415251\1881205020" -childID 6 -isForBrowser -prefsHandle 3000 -prefMapHandle 3008 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 900 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {826ea2e3-9a28-42c1-a184-ec423509cd09} 2952 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI26962\geckodriver.exe --port 49466 --websocket-port 49467
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileC12i6l
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileC12i6l
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2212.0.78497157\730268477" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {889d0208-0a5d-41bf-8877-eeb592ed9571} 2212 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2212.1.1679035791\1921330263" -childID 1 -isForBrowser -prefsHandle 852 -prefMapHandle 576 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {9daffb28-2db7-40a4-bb60-2b145b10a58f} 2212 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2212.2.1490647079\1620274613" -childID 2 -isForBrowser -prefsHandle 2236 -prefMapHandle 2232 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {880393c2-3f25-4bb9-b4d9-c220e599a09b} 2212 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2212.3.1291006910\569236782" -childID 3 -isForBrowser -prefsHandle 2240 -prefMapHandle 2368 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {d0aed16d-9edf-4be3-b38b-cf9f013a2e56} 2212 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2212.4.1778123424\19078472" -childID 4 -isForBrowser -prefsHandle 1080 -prefMapHandle 1076 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {8de5a914-42a7-4817-b4c7-9ecdc453cfe9} 2212 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2212.5.942204136\1863001327" -childID 5 -isForBrowser -prefsHandle 2936 -prefMapHandle 2940 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {02571763-bb43-4655-b0fd-e570a9c53c64} 2212 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2212.6.905143941\57544413" -childID 6 -isForBrowser -prefsHandle 3096 -prefMapHandle 3100 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {c1f8ecc2-0543-4cfc-ba95-0351b472d510} 2212 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI26962\geckodriver.exe --port 49466 --websocket-port 49467
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileF7weby
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileF7weby
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1420.0.1224975906\1997954008" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {0f0b36f6-0e45-41dd-9dce-34d83d6c51e3} 1420 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1420.1.128638574\295360403" -childID 1 -isForBrowser -prefsHandle 952 -prefMapHandle 1712 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {59b24ce7-889e-4439-8e83-2873e2f02a95} 1420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1420.2.385052440\506194359" -childID 2 -isForBrowser -prefsHandle 2284 -prefMapHandle 2280 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {d6c51846-b098-4364-b789-38398f36b038} 1420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1420.3.1415428460\907287530" -childID 3 -isForBrowser -prefsHandle 2316 -prefMapHandle 2384 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {a4e09372-c1bf-499a-a377-f4d9d32a23c9} 1420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1420.4.600572613\262281503" -childID 4 -isForBrowser -prefsHandle 1088 -prefMapHandle 1084 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {28970a93-d7b1-4cef-93f3-29c915d14192} 1420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1420.5.159539198\1218764682" -childID 5 -isForBrowser -prefsHandle 2956 -prefMapHandle 2960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {80b4a3b5-3a43-4d90-a8c4-1be5eb0b9308} 1420 tab
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1420.6.665395220\1924480128" -childID 6 -isForBrowser -prefsHandle 1088 -prefMapHandle 1084 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\browser" - {0c29ab44-949f-46ef-a9e2-4d8e3480f59a} 1420 tab
Network
| Country | Destination | Domain | Proto |
| DE | 89.58.5.0:587 | tcp | |
| N/A | 127.0.0.1:49511 | tcp | |
| N/A | 127.0.0.1:49555 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:49663 | tcp | |
| N/A | 127.0.0.1:49698 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:50135 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50170 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:50591 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50626 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:49466 | tcp | |
| N/A | 127.0.0.1:51047 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:51082 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI26962\python38.dll
| MD5 | 26ba25d468a778d37f1a24f4514d9814 |
| SHA1 | b64fe169690557656ede3ae50d3c5a197fea6013 |
| SHA256 | 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128 |
| SHA512 | 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080 |
\Users\Admin\AppData\Local\Temp\_MEI26962\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\base_library.zip
| MD5 | 09f7062e078379845347034c2a63943e |
| SHA1 | 9683dd8ef7d72101674850f3db0e05c14039d5fd |
| SHA256 | 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629 |
| SHA512 | a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34 |
\Users\Admin\AppData\Local\Temp\_MEI26962\_ctypes.pyd
| MD5 | 291a0a9b63bae00a4222a6df71a22023 |
| SHA1 | 7a6a2aad634ec30e8edb2d2d8d0895c708d84551 |
| SHA256 | 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324 |
| SHA512 | d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09 |
\Users\Admin\AppData\Local\Temp\_MEI26962\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\_bz2.pyd
| MD5 | a49c5f406456b79254eb65d015b81088 |
| SHA1 | cfc2a2a89c63df52947af3610e4d9b8999399c91 |
| SHA256 | ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced |
| SHA512 | bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\_lzma.pyd
| MD5 | cf9fd17b1706f3044a8f74f6d398d5f1 |
| SHA1 | c5cd0debbde042445b9722a676ff36a0ac3959ad |
| SHA256 | 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4 |
| SHA512 | 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\pyexpat.pyd
| MD5 | 2ae23047648257afa90d0ca96811979f |
| SHA1 | 0833cf7ccae477faa4656c74d593d0f59844cadd |
| SHA256 | 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95 |
| SHA512 | 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\_ssl.pyd
| MD5 | d4dfd8c2894670e9f8d6302c09997300 |
| SHA1 | c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e |
| SHA256 | 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0 |
| SHA512 | 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\_socket.pyd
| MD5 | 4827652de133c83fa1cae839b361856c |
| SHA1 | 182f9a04bdc42766cfd5fb352f2cb22e5c26665e |
| SHA256 | 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba |
| SHA512 | 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\_queue.pyd
| MD5 | dd146e2fa08302496b15118bf47703cf |
| SHA1 | d06813e2fcb30cbb00bb3893f30c2661686cf4b7 |
| SHA256 | 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051 |
| SHA512 | 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\_hashlib.pyd
| MD5 | 5e5af52f42eaf007e3ac73fd2211f048 |
| SHA1 | 1a981e66ab5b03f4a74a6bac6227cd45df78010b |
| SHA256 | a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b |
| SHA512 | bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\unicodedata.pyd
| MD5 | 601aee84e12b87ca66826dfc7ca57231 |
| SHA1 | 3a7812433ca7d443d4494446a9ced24b6774ceca |
| SHA256 | d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762 |
| SHA512 | 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\top-1m.csv
| MD5 | d859c155987a847e8bb15ac15323e119 |
| SHA1 | 01e13e963a5904e34dd10e82f777ead17d3bc71e |
| SHA256 | 4d5e792003f3040a06542e8773e31fa45bc1a89527c9537f99fccb86f9330a67 |
| SHA512 | 952c67c4b073eceb6aaedb1e9e6cc68850f2a86dd22b28a2b7158adadcaa7b689374bb01395b63a008f61f713305ed4a0104392dbcdf0018b54b875745bd750c |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\select.pyd
| MD5 | e21cff76db11c1066fd96af86332b640 |
| SHA1 | e78ef7075c479b1d218132d89bf4bec13d54c06a |
| SHA256 | fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28 |
| SHA512 | e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\nss3.dll
| MD5 | 71747091d34cc634b9ad3c360b45b0a9 |
| SHA1 | 111cf483836f6a392f64bc9398a327be1c43dfc8 |
| SHA256 | 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf |
| SHA512 | b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\mozglue.dll
| MD5 | 3e4d1ec1d2a6e85593459601b5a0a828 |
| SHA1 | 92ee422285282dcb170cbc7808299d14d8d27963 |
| SHA256 | eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5 |
| SHA512 | 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\mozavutil.dll
| MD5 | 4ecbb73d44518fc2b601a1ac9a38dcad |
| SHA1 | f7c96e85d5b32af8efb784e75164ec4f0c6f4f10 |
| SHA256 | 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52 |
| SHA512 | 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
\Users\Admin\AppData\Local\Temp\_MEI26962\libcrypto-1_1.dll
| MD5 | 89511df61678befa2f62f5025c8c8448 |
| SHA1 | df3961f833b4964f70fcf1c002d9fd7309f53ef8 |
| SHA256 | 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf |
| SHA512 | 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\geckodriver.exe
| MD5 | f60c542253cbe94f762e15c7b064b55d |
| SHA1 | 7a32f034217266db6d799893edc976e891a82944 |
| SHA256 | 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa |
| SHA512 | 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
| MD5 | e50a617598b0f635e6f9ae4a9d445b78 |
| SHA1 | a372ec393dd6271bd00cf02f894152887765da8b |
| SHA256 | c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5 |
| SHA512 | e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
| MD5 | 26dd091069531a62061de8ca1c56d46b |
| SHA1 | 6c9daa73f096174f28f86c9bb245cb8a540f5c2d |
| SHA256 | 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a |
| SHA512 | 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
| MD5 | 85de06e3d4c6f39404776f3c7162c59b |
| SHA1 | 3e4b8ecebaa9c903d220ee23d367be8e8ba27619 |
| SHA256 | 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a |
| SHA512 | 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963 |
\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | 47539d0337e97e22a728afc2638d461f |
| SHA1 | d97b37079543b33b9b605c787945f809aed66fd6 |
| SHA256 | 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5 |
| SHA512 | 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
| MD5 | 0351b833a5c095852e821535974441c8 |
| SHA1 | bcbf5c294852c2d80af7862d19791b994aea7706 |
| SHA256 | dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef |
| SHA512 | 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | e2e8f9cf938f81b1185086b12c5c9d90 |
| SHA1 | b67c857a7002b3262f09ffc9fa8524c58a01e5b9 |
| SHA256 | a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2 |
| SHA512 | 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f |
C:\Users\Admin\AppData\Local\Temp\tmpnhtzogtt\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
| MD5 | d2e8aceaa00ad916618bea2eee81aedf |
| SHA1 | 28b26f0db0b4b2504a418983089795761c56e4a1 |
| SHA256 | fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622 |
| SHA512 | b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
| MD5 | 2ec530a71bdac21f299f9ddb823be222 |
| SHA1 | 5425aaf19c0832cda06be506e88f2435f432d287 |
| SHA256 | ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3 |
| SHA512 | 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
| MD5 | 2c740091198dcf20b9c600791e2bcc3c |
| SHA1 | dd6f376ba9139ddec20ece64da0760054133db96 |
| SHA256 | e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59 |
| SHA512 | a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
| MD5 | 7abc816e004d9ed0f292770cfa8876cb |
| SHA1 | 4a1eeb702543f0819ef7c64b9f3bfd53be292106 |
| SHA256 | 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e |
| SHA512 | 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
| MD5 | d277f533f1d77e26d09bb66764bbeea6 |
| SHA1 | 082920ebe7dfb870cf94a99fc601fd5ae8b456ee |
| SHA256 | 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3 |
| SHA512 | 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ecb1dedf5ef99417494e424ca42eb67f |
| SHA1 | e2a293cbba50c6624e75cdaffe472967f3961023 |
| SHA256 | cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be |
| SHA512 | 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
| MD5 | cbb1daad9fc48ab13e35fcd3621a5999 |
| SHA1 | 0eec8ece735465aea259f8223762f93fb13a97a0 |
| SHA256 | 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da |
| SHA512 | 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
| MD5 | 48fcad918c62db97e9af1dba1d131473 |
| SHA1 | d89381594d3241b0e645033f67572a5d8c166764 |
| SHA256 | dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c |
| SHA512 | 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
| MD5 | 7f2754df6a4a580b15910f449892766d |
| SHA1 | 9dcaad98563ed89781f53941cbc43db5454de7f5 |
| SHA256 | d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654 |
| SHA512 | 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
| MD5 | b6d7fc9b6ebc5f46500acc52bf6c9808 |
| SHA1 | 4fd8111c436d89b83890e98b4cb7d0343e568340 |
| SHA256 | 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974 |
| SHA512 | 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 8565a303ddc83b03f8662b034597de18 |
| SHA1 | ce6453779eb52055599ddba097a95ab82512ae5b |
| SHA256 | b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd |
| SHA512 | 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
| MD5 | 2eeb46e1c58ff1cce4ac2d4d725b2cc6 |
| SHA1 | 89aa36e77e51da31fbbfd682a2acc91f6016d275 |
| SHA256 | e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a |
| SHA512 | 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
| MD5 | e7a65c5ead519a7b802f991353c26d3d |
| SHA1 | 34cc3c1cf9bd4912dba5fa422010934e46419fa3 |
| SHA256 | 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2 |
| SHA512 | 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
| MD5 | 41c22c9f81a84b1b0e5ee7ec2ff7c545 |
| SHA1 | d12424cba9e4e9124bf3f15e556c562b95c9b6a3 |
| SHA256 | 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f |
| SHA512 | 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b |
C:\Users\Admin\AppData\Local\Temp\_MEI26962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
| MD5 | 797325af481a14ae243f10d5f24b4a0d |
| SHA1 | 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1 |
| SHA256 | 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1 |
| SHA512 | ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevhT9gz\extensions.json
| MD5 | aeb924af8ce215b845f888feb702b834 |
| SHA1 | 76b946b08768c142f529a653eb2da95d663077ae |
| SHA256 | bb727e8d565ca2ffac55a1b21c88d404859f4748a113a74b34a1432837a779ad |
| SHA512 | 5422d082b29d0b25e47e1c0cbbf2891e5c2507119dab59fa415a2679fed9d41b41a80e6086af3d6b971adc50f685251b81de3e724b23a7aca83fdd116511cf87 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevhT9gz\prefs.js
| MD5 | 116d473245e221837d2012856c7cfef1 |
| SHA1 | 41429f296bec7927b7565476f431a78765f02101 |
| SHA256 | 9a327bcf15fc53dfa5936e7739532f6019da0931b13fdf90450e8477c70af8a2 |
| SHA512 | 6c8f85cc82bf1224a9f44b7c807f8b8aeef68e18af6899ab3276314b2253ce1aa85ecbe65fd9876d6853ad1bfe90cdd83120043156e5f6690103ab57cc2f04f8 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevhT9gz\prefs-1.js
| MD5 | 458eab04a678d224da07267df09ad1e7 |
| SHA1 | 286394e6851ac141b00701a0a00bc46e489d79a7 |
| SHA256 | bb36f7299c74c955f36832752e3d43719734b8713f6a7efa84a92e736bd59450 |
| SHA512 | b72b5fe8bbd1dfc779165420ebc84313315b0a9766f61b726c94130e825ddf12fad2b216893e7670f16b509c2c28238948e4cc695eca6908cec5306bb3ac796f |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevhT9gz\prefs-1.js
| MD5 | 9ca4e138fd802b1c6a69ff57f2320108 |
| SHA1 | 374cfeb5614c9d29ed5b8f30dc37b7f6f594e466 |
| SHA256 | 9c9a8c56ee3c60b7b1152856ead51adbda12e759b9e7076dd32f101678194e87 |
| SHA512 | 43e446a71ae575e29148300bc2d940830d8b2714a854fe3ac4be6122f64ed633a6b51629dab515d394bba848402606c883fca38336c24181397411adb9b1368d |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
memory/2952-1133-0x000000000ACE0000-0x000000000ACF0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\extension-preferences.json
| MD5 | b4298c9a240d6b7b63346daf94013802 |
| SHA1 | 9ce98168437854b51b198c16186c05129f0c273b |
| SHA256 | e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5 |
| SHA512 | 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\startupCache\webext.sc.lz4
| MD5 | 3fa1e687aa6d74c11ffc675331cb523f |
| SHA1 | e86177c3fcd9039e8d5fb1f3d56dbf7372cd16d0 |
| SHA256 | dd0e3fd437beef3ad3572c722fd6236908f2ec792b8c74ff49ed437e586b133d |
| SHA512 | 415832462adc946103ddf8a02afc9c72e889f1412009ed25eb23643de3647c764a3b9d874347fc5b4e0964cd102ec7945a058c688ff639a60b5451bbe1f5513c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\datareporting\glean\db\data.safe.tmp
| MD5 | 1c3c58f7838dde7f753614d170f110fc |
| SHA1 | c17e5a486cecaddd6ced7217d298306850a87f48 |
| SHA256 | 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d |
| SHA512 | 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\prefs-1.js
| MD5 | 0f3bc4e3d3679214ae988c3d04268156 |
| SHA1 | cfd702903ae4bf4b108030bea01a3548e3c2030f |
| SHA256 | b7b94b53111716c5c06aad25fc6973e4fb25b6249870884f8d2341e88a898265 |
| SHA512 | 9cc62fdfa0e47efa3ae1a69cee362d49dcf6c9fd5cc7a015e8d2ede359ef459d9a053734a9e03c5e700d1a83e3350b780bf2651bc30abb89d24fdf7aa1bedbd3 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\broadcast-listeners.json
| MD5 | 97c3738563a9448365a735f5f29ed3d5 |
| SHA1 | 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57 |
| SHA256 | 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24 |
| SHA512 | ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\prefs-1.js
| MD5 | f36e2dfc9d13252bf18e77d2764c8a89 |
| SHA1 | 8d3f3ad009a9e2d674c881e30d466d3c3cf28104 |
| SHA256 | 7d34ec6a42b036fa3a9f6721f62a6a71f22add57adb2cb10adbb0db7edb57e77 |
| SHA512 | 4e03a060ce19a02fc833ee8e729c4a8cfeea0273e06f8aff6b04b675a7c86700d5c02ea91bbbf50320806004d5c850e630ba7fb4de813561d20afbd6204b9275 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\sessionCheckpoints.json
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\sessionCheckpoints.json
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\sessionCheckpoints.json
| MD5 | 2d87ba02e79c11351c1d478b06ca9b29 |
| SHA1 | 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1 |
| SHA256 | 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524 |
| SHA512 | be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\sessionCheckpoints.json.tmp
| MD5 | 29ce37dc02c78bbe2e5284d350fae004 |
| SHA1 | bab97d5908ea6592aef6b46cee1ded6f34693fa2 |
| SHA256 | 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693 |
| SHA512 | 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHu50rI\xulstore.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileC12i6l\user.js
| MD5 | 30638da6ffe114490cf45aa5b5a49cf5 |
| SHA1 | e150f0a78c172812e310a71ac99d65bbdcad661a |
| SHA256 | 948e392d6e0780272003cd3c26716db860d2823937713398b66ad03ab72abed1 |
| SHA512 | 993fd28810cc0f16c43fb34999a70c8a4275ed4c4d83629ffd11bf35016a8727f62c2d1143905904fcc02ddcdc96760a646b10cd8b8bb4310184a30657c825e3 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileC12i6l\startupCache\scriptCache-child-new.bin
| MD5 | 2724d7dd31542eea53805994d9290cd8 |
| SHA1 | 7b5d8536b060269d79848eaa6e2362333bc0f8ec |
| SHA256 | 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1 |
| SHA512 | 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileC12i6l\prefs-1.js
| MD5 | 4afb22717397f194bf08f4824ad3ad80 |
| SHA1 | d27b26094b982336ab483c84e9b1c540fb3ba66c |
| SHA256 | c80d77991b1edea24e2b6209c30ff2a92f93501b7f5b5857aa781e165645849d |
| SHA512 | 343f4c9fe596dcc2618957e7a0c6bcfdaecd7ccc604ed8a3a68bc60011c761dbe4425f835c45a4edc99701f9e1c4949e09c98bf6e21a02bc274907035897ae86 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileC12i6l\prefs-1.js
| MD5 | 4a1dbc274181a6a34958943f75344aeb |
| SHA1 | 4907cc5fbc4b3797d6b2c76bde60d547b09595f9 |
| SHA256 | 1e84abfe50dec86787101908cd8e2041baaf055687c08db2c8ebef8a97123819 |
| SHA512 | b09ea145f8110f7ed922fac468e3470abb5db73736cd0ddd5a4303a16c27b09970249f2711b6deb3de04678215b5dc79bb4462e33e4f77b1a87506a2788203ca |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileF7weby\datareporting\glean\db\data.safe.tmp
| MD5 | 63b1bb87284efe954e1c3ae390e7ee44 |
| SHA1 | 75b297779e1e2a8009276dd8df4507eb57e4e179 |
| SHA256 | b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a |
| SHA512 | f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895 |
memory/1420-1992-0x00000000082D0000-0x00000000082E0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 01:29
Reported
2024-05-09 01:42
Platform
win10-20240404-en
Max time kernel
299s
Max time network
319s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\light.exe
"C:\Users\Admin\AppData\Local\Temp\light.exe"
C:\Users\Admin\AppData\Local\Temp\light.exe
"C:\Users\Admin\AppData\Local\Temp\light.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI44482\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI44482\geckodriver.exe --port 50050 --websocket-port 50051
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50051 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile981f0B
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50051 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile981f0B
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="5044.0.1450657808\1526944892" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1452 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {2aff08f1-2fa4-4efd-b801-355b0f277482} 5044 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="5044.1.1494932339\1303007936" -childID 1 -isForBrowser -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {9f6a1bcc-04ef-4b3a-83b9-2f64f065a3f4} 5044 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="5044.2.1239988606\1869118267" -childID 2 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {9b60ee08-86b5-4a79-ad58-43075dc3ff91} 5044 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="5044.3.1320923478\453693627" -childID 3 -isForBrowser -prefsHandle 3140 -prefMapHandle 3368 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {08920d00-51e2-411e-9a4a-02bfcd6d302c} 5044 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="5044.4.133455888\996476358" -childID 4 -isForBrowser -prefsHandle 3628 -prefMapHandle 3044 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {ab9d2f85-90cf-4db7-b613-1fa010515c5b} 5044 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="5044.5.1713182355\1108179637" -childID 5 -isForBrowser -prefsHandle 3676 -prefMapHandle 3680 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {51093066-b2d0-4993-876e-02352f64e9da} 5044 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="5044.6.919804435\581007673" -childID 6 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {7bb0064b-49d3-4ce7-9f70-d884b9832dd8} 5044 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI44482\geckodriver.exe --port 50050 --websocket-port 50051
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50051 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50051 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.0.1843129956\39074357" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {2f00b012-9e8e-4a00-a381-acc2f0fa36b0} 2012 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.1.1483070257\633766077" -childID 1 -isForBrowser -prefsHandle 2268 -prefMapHandle 2640 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {c65bb441-9121-4f36-92db-279451722b02} 2012 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.2.2058208588\511797069" -childID 2 -isForBrowser -prefsHandle 3028 -prefMapHandle 3024 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {22088c28-f340-43ce-9ffe-81a35b0179f6} 2012 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.3.934955902\1857653032" -childID 3 -isForBrowser -prefsHandle 2508 -prefMapHandle 2252 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {2e37084e-4e3b-4415-9079-1b262e3ed971} 2012 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.4.1909265565\132824045" -childID 4 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {b269b532-0728-4278-aa1e-dc0fcbab1f45} 2012 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.5.625994873\1342514347" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {84db4907-8378-4668-b418-6c043d5991e0} 2012 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.6.122810766\743430665" -childID 6 -isForBrowser -prefsHandle 3916 -prefMapHandle 3912 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {a2e10a1e-2565-4ae7-a695-28f6a29de065} 2012 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.7.1027867402\202312144" -childID 7 -isForBrowser -prefsHandle 4264 -prefMapHandle 4280 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {6e3f43bf-1aef-4d5d-af3b-1a7b7bcdc735} 2012 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI44482\geckodriver.exe --port 50050 --websocket-port 50051
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50051 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletLnEGU
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50051 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletLnEGU
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.0.276600416\1173453884" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {79aad1e5-f3f2-411e-b84a-5ee7281b726a} 1904 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.1.1350769437\1866561572" -childID 1 -isForBrowser -prefsHandle 2520 -prefMapHandle 2312 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {9e59d9cc-6698-4bf1-9ee4-fcd9f9944b5e} 1904 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.2.64041243\159915079" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {c4ad9a80-dadb-44db-8dce-3aa8ddf011d6} 1904 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.3.462750867\179068902" -childID 3 -isForBrowser -prefsHandle 3128 -prefMapHandle 3288 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {05e5186a-2ea1-4cd0-9b20-80f069c34235} 1904 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.4.2037811411\619268717" -childID 4 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {7a0bd17f-7be6-4225-bd60-a88855c4158d} 1904 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.5.779517476\1066511246" -childID 5 -isForBrowser -prefsHandle 3804 -prefMapHandle 3808 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {699d9425-c43f-40aa-b951-dde0c349908f} 1904 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.6.2022699516\1641199387" -childID 6 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {eb3060f9-f131-4b1a-852e-17899c4a7206} 1904 tab
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.7.705484632\1296164970" -childID 7 -isForBrowser -prefsHandle 4324 -prefMapHandle 4328 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\browser" - {3b9020a8-9dff-4415-bd85-3271d2458dcd} 1904 tab
Network
| Country | Destination | Domain | Proto |
| CH | 144.2.112.79:9001 | tcp | |
| US | 8.8.8.8:53 | 79.112.2.144.in-addr.arpa | udp |
| DE | 46.228.199.128:9001 | tcp | |
| NL | 212.162.153.159:9003 | tcp | |
| US | 8.8.8.8:53 | 159.153.162.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.199.228.46.in-addr.arpa | udp |
| N/A | 127.0.0.1:50153 | tcp | |
| N/A | 127.0.0.1:50155 | tcp | |
| N/A | 127.0.0.1:50050 | tcp | |
| N/A | 127.0.0.1:50050 | tcp | |
| N/A | 127.0.0.1:50256 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50266 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:50050 | tcp | |
| N/A | 127.0.0.1:50050 | tcp | |
| N/A | 127.0.0.1:50050 | tcp | |
| N/A | 127.0.0.1:50565 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50573 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | 84.65.42.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:50050 | tcp | |
| N/A | 127.0.0.1:50050 | tcp | |
| N/A | 127.0.0.1:50050 | tcp | |
| N/A | 127.0.0.1:50888 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50896 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI44482\python38.dll
| MD5 | 26ba25d468a778d37f1a24f4514d9814 |
| SHA1 | b64fe169690557656ede3ae50d3c5a197fea6013 |
| SHA256 | 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128 |
| SHA512 | 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080 |
\Users\Admin\AppData\Local\Temp\_MEI44482\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\base_library.zip
| MD5 | 09f7062e078379845347034c2a63943e |
| SHA1 | 9683dd8ef7d72101674850f3db0e05c14039d5fd |
| SHA256 | 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629 |
| SHA512 | a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\libcrypto-1_1.dll
| MD5 | 89511df61678befa2f62f5025c8c8448 |
| SHA1 | df3961f833b4964f70fcf1c002d9fd7309f53ef8 |
| SHA256 | 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf |
| SHA512 | 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\_ssl.pyd
| MD5 | d4dfd8c2894670e9f8d6302c09997300 |
| SHA1 | c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e |
| SHA256 | 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0 |
| SHA512 | 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048 |
\Users\Admin\AppData\Local\Temp\_MEI44482\select.pyd
| MD5 | e21cff76db11c1066fd96af86332b640 |
| SHA1 | e78ef7075c479b1d218132d89bf4bec13d54c06a |
| SHA256 | fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28 |
| SHA512 | e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f |
\Users\Admin\AppData\Local\Temp\_MEI44482\_socket.pyd
| MD5 | 4827652de133c83fa1cae839b361856c |
| SHA1 | 182f9a04bdc42766cfd5fb352f2cb22e5c26665e |
| SHA256 | 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba |
| SHA512 | 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a |
\Users\Admin\AppData\Local\Temp\_MEI44482\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
\Users\Admin\AppData\Local\Temp\_MEI44482\_queue.pyd
| MD5 | dd146e2fa08302496b15118bf47703cf |
| SHA1 | d06813e2fcb30cbb00bb3893f30c2661686cf4b7 |
| SHA256 | 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051 |
| SHA512 | 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
| MD5 | 0351b833a5c095852e821535974441c8 |
| SHA1 | bcbf5c294852c2d80af7862d19791b994aea7706 |
| SHA256 | dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef |
| SHA512 | 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
| MD5 | 41c22c9f81a84b1b0e5ee7ec2ff7c545 |
| SHA1 | d12424cba9e4e9124bf3f15e556c562b95c9b6a3 |
| SHA256 | 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f |
| SHA512 | 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | fd5225eac6a4da3c904ac0c620646f46 |
| SHA1 | 9993f18fa6092d2acabecf7c7e9a19c2c66f2627 |
| SHA256 | cd7d8187bc2088d4c3e21521b9966f839ddcb942b272359da552034acb2ed073 |
| SHA512 | f4efbf3d9a55a6addc51d350e686099503029d9c35ebd77ef0f7356b1af40297d1c425c868bc08f1a3dc471e8b8be4e4740ff71bd2ff4826d3fd1bafd52c7f12 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
| MD5 | 797325af481a14ae243f10d5f24b4a0d |
| SHA1 | 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1 |
| SHA256 | 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1 |
| SHA512 | ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
| MD5 | 7f2754df6a4a580b15910f449892766d |
| SHA1 | 9dcaad98563ed89781f53941cbc43db5454de7f5 |
| SHA256 | d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654 |
| SHA512 | 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ecb1dedf5ef99417494e424ca42eb67f |
| SHA1 | e2a293cbba50c6624e75cdaffe472967f3961023 |
| SHA256 | cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be |
| SHA512 | 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
| MD5 | 7abc816e004d9ed0f292770cfa8876cb |
| SHA1 | 4a1eeb702543f0819ef7c64b9f3bfd53be292106 |
| SHA256 | 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e |
| SHA512 | 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
| MD5 | d277f533f1d77e26d09bb66764bbeea6 |
| SHA1 | 082920ebe7dfb870cf94a99fc601fd5ae8b456ee |
| SHA256 | 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3 |
| SHA512 | 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
| MD5 | cbb1daad9fc48ab13e35fcd3621a5999 |
| SHA1 | 0eec8ece735465aea259f8223762f93fb13a97a0 |
| SHA256 | 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da |
| SHA512 | 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b |
\Users\Admin\AppData\Local\Temp\_MEI44482\unicodedata.pyd
| MD5 | 601aee84e12b87ca66826dfc7ca57231 |
| SHA1 | 3a7812433ca7d443d4494446a9ced24b6774ceca |
| SHA256 | d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762 |
| SHA512 | 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\geckodriver.exe
| MD5 | f60c542253cbe94f762e15c7b064b55d |
| SHA1 | 7a32f034217266db6d799893edc976e891a82944 |
| SHA256 | 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa |
| SHA512 | 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
| MD5 | 2c740091198dcf20b9c600791e2bcc3c |
| SHA1 | dd6f376ba9139ddec20ece64da0760054133db96 |
| SHA256 | e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59 |
| SHA512 | a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
| MD5 | 48fcad918c62db97e9af1dba1d131473 |
| SHA1 | d89381594d3241b0e645033f67572a5d8c166764 |
| SHA256 | dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c |
| SHA512 | 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
| MD5 | b6d7fc9b6ebc5f46500acc52bf6c9808 |
| SHA1 | 4fd8111c436d89b83890e98b4cb7d0343e568340 |
| SHA256 | 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974 |
| SHA512 | 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 8565a303ddc83b03f8662b034597de18 |
| SHA1 | ce6453779eb52055599ddba097a95ab82512ae5b |
| SHA256 | b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd |
| SHA512 | 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
| MD5 | 2eeb46e1c58ff1cce4ac2d4d725b2cc6 |
| SHA1 | 89aa36e77e51da31fbbfd682a2acc91f6016d275 |
| SHA256 | e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a |
| SHA512 | 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
| MD5 | e7a65c5ead519a7b802f991353c26d3d |
| SHA1 | 34cc3c1cf9bd4912dba5fa422010934e46419fa3 |
| SHA256 | 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2 |
| SHA512 | 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | e2e8f9cf938f81b1185086b12c5c9d90 |
| SHA1 | b67c857a7002b3262f09ffc9fa8524c58a01e5b9 |
| SHA256 | a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2 |
| SHA512 | 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f |
C:\Users\Admin\AppData\Local\Temp\tmpnbwq1mjt\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
| MD5 | d2e8aceaa00ad916618bea2eee81aedf |
| SHA1 | 28b26f0db0b4b2504a418983089795761c56e4a1 |
| SHA256 | fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622 |
| SHA512 | b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
| MD5 | 2ec530a71bdac21f299f9ddb823be222 |
| SHA1 | 5425aaf19c0832cda06be506e88f2435f432d287 |
| SHA256 | ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3 |
| SHA512 | 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
| MD5 | 26dd091069531a62061de8ca1c56d46b |
| SHA1 | 6c9daa73f096174f28f86c9bb245cb8a540f5c2d |
| SHA256 | 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a |
| SHA512 | 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
| MD5 | e50a617598b0f635e6f9ae4a9d445b78 |
| SHA1 | a372ec393dd6271bd00cf02f894152887765da8b |
| SHA256 | c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5 |
| SHA512 | e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
| MD5 | 85de06e3d4c6f39404776f3c7162c59b |
| SHA1 | 3e4b8ecebaa9c903d220ee23d367be8e8ba27619 |
| SHA256 | 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a |
| SHA512 | 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963 |
\Users\Admin\AppData\Local\Temp\_MEI44482\_hashlib.pyd
| MD5 | 5e5af52f42eaf007e3ac73fd2211f048 |
| SHA1 | 1a981e66ab5b03f4a74a6bac6227cd45df78010b |
| SHA256 | a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b |
| SHA512 | bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\Tor Browser\Browser\firefox.exe
| MD5 | 65aa9b0f57d72e4d70e9226322221adc |
| SHA1 | 85fec174d0977afd8c0100c9d9b53c958e1949bf |
| SHA256 | 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410 |
| SHA512 | f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\top-1m.csv
| MD5 | 6eeda31aac8ee2759ae54dd89cb294ac |
| SHA1 | 880d0d31693aabb324c22afc5a018239c98b3dfd |
| SHA256 | e77adec293a226be1c263ad72f2e6abc657a53c5b9812fd4435accd5207284a1 |
| SHA512 | 1a70e46b50f7e41a119e555f03796a8aa254ba801d91e42276d8bf15a90816202a21bc9d37049ada77b01f1ea856df10994d324497adfa80434788ea366b3281 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\pyexpat.pyd
| MD5 | 2ae23047648257afa90d0ca96811979f |
| SHA1 | 0833cf7ccae477faa4656c74d593d0f59844cadd |
| SHA256 | 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95 |
| SHA512 | 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\nss3.dll
| MD5 | 71747091d34cc634b9ad3c360b45b0a9 |
| SHA1 | 111cf483836f6a392f64bc9398a327be1c43dfc8 |
| SHA256 | 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf |
| SHA512 | b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\mozglue.dll
| MD5 | 3e4d1ec1d2a6e85593459601b5a0a828 |
| SHA1 | 92ee422285282dcb170cbc7808299d14d8d27963 |
| SHA256 | eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5 |
| SHA512 | 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\mozavutil.dll
| MD5 | 4ecbb73d44518fc2b601a1ac9a38dcad |
| SHA1 | f7c96e85d5b32af8efb784e75164ec4f0c6f4f10 |
| SHA256 | 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52 |
| SHA512 | 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI44482\geckodriver.exe
| MD5 | ecd8efd4cab1e6f7d84483c09c9ce6b7 |
| SHA1 | aafe438def0edbe9176f462d1e4e8c4a1883540c |
| SHA256 | 5032f5bb47f24f8e677397e347fdb4a501b0eda42f5d5aa2f5186edadf9838ec |
| SHA512 | eb40225be2070f88465d35b56d5fd2f94ef4a9ead2306ce5c81bb2fa31b1c252e7b8f57befad32130023c5893fd1cb499c387daeb9b760ce2d008691c5359ea9 |
\Users\Admin\AppData\Local\Temp\_MEI44482\_lzma.pyd
| MD5 | cf9fd17b1706f3044a8f74f6d398d5f1 |
| SHA1 | c5cd0debbde042445b9722a676ff36a0ac3959ad |
| SHA256 | 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4 |
| SHA512 | 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a |
\Users\Admin\AppData\Local\Temp\_MEI44482\_bz2.pyd
| MD5 | a49c5f406456b79254eb65d015b81088 |
| SHA1 | cfc2a2a89c63df52947af3610e4d9b8999399c91 |
| SHA256 | ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced |
| SHA512 | bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae |
\Users\Admin\AppData\Local\Temp\_MEI44482\_ctypes.pyd
| MD5 | 291a0a9b63bae00a4222a6df71a22023 |
| SHA1 | 7a6a2aad634ec30e8edb2d2d8d0895c708d84551 |
| SHA256 | 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324 |
| SHA512 | d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp
| MD5 | 80e882ce8268212cf4db9fbe44f95336 |
| SHA1 | 85abc152168a20d8db2c6501aa43a97ea72efc8c |
| SHA256 | 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937 |
| SHA512 | eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5 |
memory/5044-533-0x00000209DABF0000-0x00000209DAC00000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile981f0B\extensions.json
| MD5 | 7f1d412be8a7ecb80846110b3c4eff7e |
| SHA1 | 589f60568e68d1039f9075bc4efd5bd783a772b8 |
| SHA256 | c57820594b9fb8722009e0dc32b00dfff82a0ad5b179970b0bdfa6a301cc090a |
| SHA512 | 6081e2754b9a5bedab22d98ea64c3ea273636a1b81c630db0d5056f7180e9cff7680804907fb86cc1175a00d09cb28861fcec4f1ea0ad83e1d03a77f44308f14 |
memory/5044-575-0x00000209D0D20000-0x00000209D0E90000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile981f0B\prefs-1.js
| MD5 | a4c20c2ccedbcf362657e823232863f4 |
| SHA1 | 9a072e950f38677f7fcdb0709d8fa9bd7b4ecb50 |
| SHA256 | 0a5d252ab54b667add108e6555dd87cf465383d550be4577e271df3db1ccf118 |
| SHA512 | f1ffee36a306214d4bc361556a10799e4bb8db5d40ce44fa0bb3710e78accbd68fd82505e908090755832b90782b88327983f4c52a5248f34de4a7db2303565a |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile981f0B\prefs-1.js
| MD5 | c6cbd4e88c07dc67c5829e5f8442d33e |
| SHA1 | 13b6cca70b3fbe673334574c677eeefba4bbabf8 |
| SHA256 | f6cb657e150ae42e09b30ff8a67a9a4c8f36177d30a60638ed0326f7a03a332f |
| SHA512 | 35081c87ef6d282694dba2d3badde9c76b30411000653cc9fe5169584ccc0acaa7ae7e9ddb72a697913d47dd933ff93a21149fac58edc092ace6aad917cb5b50 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 47a734be0929597788122fce640b0419 |
| SHA1 | 1e87c71634029fdc7339a4c279cd55786752aed9 |
| SHA256 | 073af5db18e01f519d09988891c318bdcdace52bb6dbee3c0fe6207fe73020a6 |
| SHA512 | fed727b5baa59f5841f2d210eee3516a33b7bfbf2a3bf5668bc66875cf79a58549b8472fae936a0c31a5f2c24d18b7b57098ab204045036cca745ac13ef6c3a0 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile981f0B\prefs-1.js
| MD5 | 09ccb79b58b9a4349d8908ebf39b09e2 |
| SHA1 | 248536e39fb8a151619c3fd0d11b3d2949a1fc46 |
| SHA256 | fbab2ffe95e901bdf54084f9e7e95f8e983cf35f2b2c546a4a1ede4077298257 |
| SHA512 | 458d1fafe6f85c0411dbc961908c3543371a5ac685335cefab3945a0d784f4b378c4b613eb035a226db9d0cb7bed463a47a17ca0c6823a4412f1705771f4dd34 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\datareporting\glean\db\data.safe.tmp
| MD5 | 7fba44cb533472c1e260d1f28892d86b |
| SHA1 | 727dce051fc511e000053952d568f77b538107bb |
| SHA256 | 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf |
| SHA512 | 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031 |
memory/2012-822-0x000001FA3E190000-0x000001FA3E1A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\extension-preferences.json
| MD5 | b4298c9a240d6b7b63346daf94013802 |
| SHA1 | 9ce98168437854b51b198c16186c05129f0c273b |
| SHA256 | e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5 |
| SHA512 | 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\startupCache\webext.sc.lz4
| MD5 | 1b799cc5b6cf681cfa54d37c8ce8cb06 |
| SHA1 | 2f0fae44eb2fe74542df923e37f0c7e23a74fd17 |
| SHA256 | ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03 |
| SHA512 | 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\prefs-1.js
| MD5 | eb0fb53073231ca40fc8b04277d7ed56 |
| SHA1 | b82f2a19caefb0f75750af4a6cfca8c84d4ee4b4 |
| SHA256 | 8a8a14b9ba7c75690fce4d18d1e1c2811ec0d83f8f4decb94b6d5acd61b9aae7 |
| SHA512 | 99228dce7ae2b43e89c8384f2779b3896e3757cd604ec19477cbeabd0f22dbf67c6db8840202a1c7e48509ee9389d37b5a8baffd766241778614699eee196d6b |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\broadcast-listeners.json
| MD5 | 97c3738563a9448365a735f5f29ed3d5 |
| SHA1 | 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57 |
| SHA256 | 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24 |
| SHA512 | ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\prefs-1.js
| MD5 | 29408c8262a1e200f83cb0203ea3d7be |
| SHA1 | 391f3dcb3ab6539c50c9dde46a2c2986705b763c |
| SHA256 | 51aee3e5cd40bd240c4dd2a3bb467a9be6b57716662dcc1ad24df0ae77886519 |
| SHA512 | 664222fae231c8c927ede90634027b06dbc28764b47769a65207312e4d13dbabf462b605cfbf0fb035eb7f578147bd385978083b2c740e10e3bc1b7801903851 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\sessionCheckpoints.json
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\sessionCheckpoints.json.tmp
| MD5 | 29ce37dc02c78bbe2e5284d350fae004 |
| SHA1 | bab97d5908ea6592aef6b46cee1ded6f34693fa2 |
| SHA256 | 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693 |
| SHA512 | 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEUVd5c\xulstore.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletLnEGU\user.js
| MD5 | 3cce8d3c9a6d0a49cad3156699e190df |
| SHA1 | 0704429f75fec0f8a34420de22028291b243691c |
| SHA256 | f8334fe437d133563f030622777e6089b57553df1237d5e4e8b97adf66e75fe6 |
| SHA512 | 939dcdd0dd3fe52d5997470ed515da465a584cebe58c9b5efd3761caec63857139944a5d3450c1bbc8717ca292840867992dadb0646522b131fb6ee40ecfe329 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletLnEGU\prefs-1.js
| MD5 | 44d4677dd5b2bb7cbaff12b28de93ecd |
| SHA1 | 1d9b5fbe95639436a149e7a7dd7481c76bc8d83a |
| SHA256 | 05a27a0b4c2c7addcfa71adf9a55690b1c14af70ffb02252cdf17e2cc4d0592f |
| SHA512 | dcfe360165fde540584c151105c3c1a47dd715493a26315ef77dfb7a053c5c510402bb3e0be970f727d37b138eedc26df5c9be4c6bd3693e15d51c2f402fa266 |
memory/1904-1092-0x00000207DC4A0000-0x00000207DC4B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletLnEGU\datareporting\glean\db\data.safe.bin
| MD5 | 7d3d11283370585b060d50a12715851a |
| SHA1 | 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3 |
| SHA256 | 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9 |
| SHA512 | a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletLnEGU\startupCache\scriptCache-child-new.bin
| MD5 | 2724d7dd31542eea53805994d9290cd8 |
| SHA1 | 7b5d8536b060269d79848eaa6e2362333bc0f8ec |
| SHA256 | 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1 |
| SHA512 | 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletLnEGU\prefs-1.js
| MD5 | 6cc823cb6f2261e0797ee843034a31f9 |
| SHA1 | 03c183fabf9dd2ed5ac7ae1b187eb6d62a3c93e7 |
| SHA256 | 1ceb993e1605882416a4d4488b6de61831b4bb371afa8f9f8307200fa560e763 |
| SHA512 | a4a99591627852811290efbaad66e93b5a3725a1222b5921121185d9c289e409ef9cd1a743900f6fe170ac1fbcb7d360a2547465650cdede82e8ef13aaf38100 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletLnEGU\prefs-1.js
| MD5 | 37aa873f4ef81de62311d5f52dc0bde7 |
| SHA1 | aaaa07e0bfe0997735d733ecb283d61b39005230 |
| SHA256 | 85558fb8ea57b3038ec6ba4a292429dd3170bc29ec2b83f5b17a8b4fb5add538 |
| SHA512 | d740f6d5335c512fda6e0fdb14ef57cad8eae152e750f21d956e14aaab2995357f49139a0d4c2e7e57f80e1e72bde6a7b8a3f8d9c12c6fc4aa3da32e8eab598f |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-09 01:29
Reported
2024-05-09 01:41
Platform
win7-20240221-en
Max time kernel
293s
Max time network
304s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\light.exe
"C:\Users\Admin\AppData\Local\Temp\light.exe"
C:\Users\Admin\AppData\Local\Temp\light.exe
"C:\Users\Admin\AppData\Local\Temp\light.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI19082\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI19082\geckodriver.exe --port 49468 --websocket-port 49469
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenTdZX4
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenTdZX4
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.0.272463255\633436039" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {4feaab07-c9e7-4bb4-bf84-bccee385eb79} 1484 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.1.955388701\1056164911" -childID 1 -isForBrowser -prefsHandle 572 -prefMapHandle 548 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {75b1ba07-3e14-4328-8729-9a57fff8a6c2} 1484 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.2.353027406\994975622" -childID 2 -isForBrowser -prefsHandle 2368 -prefMapHandle 2372 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {c72d203f-d648-4090-9d16-e7f03b346be6} 1484 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.3.208357779\1898203153" -childID 3 -isForBrowser -prefsHandle 2316 -prefMapHandle 2344 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {866bdd22-8889-46be-bf67-6b9fd9897412} 1484 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.4.1365330284\755479728" -childID 4 -isForBrowser -prefsHandle 1076 -prefMapHandle 1072 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {49327808-8995-4896-92ee-64bf01a7a4c7} 1484 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.5.1712099438\1832395324" -childID 5 -isForBrowser -prefsHandle 2952 -prefMapHandle 2956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {d53c4974-56fb-43b4-8c21-ca9469569d95} 1484 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.6.1606031865\334860500" -childID 6 -isForBrowser -prefsHandle 3128 -prefMapHandle 2940 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {1179ee12-43fd-4f75-8b9e-5cc8af4ff632} 1484 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI19082\geckodriver.exe --port 49468 --websocket-port 49469
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileChRu1f
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileChRu1f
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.0.12727804\2131417502" -parentBuildID 20240416150000 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {638d5269-2d75-483c-80ca-460c64310187} 1548 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.1.239403266\1906324115" -childID 1 -isForBrowser -prefsHandle 940 -prefMapHandle 1684 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {914779bb-3ae9-4cdc-b6b7-938dc20c5d36} 1548 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.2.1918070052\1480822286" -childID 2 -isForBrowser -prefsHandle 2320 -prefMapHandle 2324 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {d6b43dac-2bb4-479d-8441-98312f40a01c} 1548 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.3.1336168938\55488778" -childID 3 -isForBrowser -prefsHandle 2436 -prefMapHandle 2312 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {867f178a-222f-4e1a-b1f6-5e5709aefb22} 1548 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.4.944599621\1187240474" -childID 4 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {157b55d6-92e4-4a2a-b380-703ba4cb24f2} 1548 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.5.1410019095\1789156623" -childID 5 -isForBrowser -prefsHandle 2976 -prefMapHandle 2980 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {8a0835a7-0b5f-465e-864c-3101c70ae647} 1548 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.6.2035007252\1540652547" -childID 6 -isForBrowser -prefsHandle 3136 -prefMapHandle 3140 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {c5fb19bb-fa67-4f89-b389-b4cbc9391958} 1548 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.7.733527985\1035106773" -childID 7 -isForBrowser -prefsHandle 3216 -prefMapHandle 2024 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {4728ce4a-18e0-4cfc-be78-38111d9896ca} 1548 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.8.881093856\298792925" -childID 8 -isForBrowser -prefsHandle 3224 -prefMapHandle 1720 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {76fd3865-d2a3-4c43-9745-e56f6476071d} 1548 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.9.1041272629\1250404735" -childID 9 -isForBrowser -prefsHandle 1680 -prefMapHandle 3440 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {20d3c763-2ec5-4151-8d33-ad03b905f225} 1548 tab
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1548.10.626309100\204923070" -childID 10 -isForBrowser -prefsHandle 3196 -prefMapHandle 3200 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\browser" - {276b1fde-c2e2-4ad1-af2c-e8d414243f18} 1548 tab
Network
| Country | Destination | Domain | Proto |
| CA | 158.69.205.92:9001 | tcp | |
| PL | 45.141.215.169:8430 | tcp | |
| DE | 87.106.159.40:443 | tcp | |
| CA | 149.56.126.142:9001 | tcp | |
| N/A | 127.0.0.1:49572 | tcp | |
| N/A | 127.0.0.1:49574 | tcp | |
| N/A | 127.0.0.1:49468 | tcp | |
| N/A | 127.0.0.1:49468 | tcp | |
| N/A | 127.0.0.1:49666 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:49701 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:49468 | tcp | |
| N/A | 127.0.0.1:49468 | tcp | |
| N/A | 127.0.0.1:49468 | tcp | |
| N/A | 127.0.0.1:50170 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:50205 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI19082\python38.dll
| MD5 | 26ba25d468a778d37f1a24f4514d9814 |
| SHA1 | b64fe169690557656ede3ae50d3c5a197fea6013 |
| SHA256 | 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128 |
| SHA512 | 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080 |
\Users\Admin\AppData\Local\Temp\_MEI19082\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\base_library.zip
| MD5 | 09f7062e078379845347034c2a63943e |
| SHA1 | 9683dd8ef7d72101674850f3db0e05c14039d5fd |
| SHA256 | 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629 |
| SHA512 | a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34 |
\Users\Admin\AppData\Local\Temp\_MEI19082\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\_ssl.pyd
| MD5 | d4dfd8c2894670e9f8d6302c09997300 |
| SHA1 | c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e |
| SHA256 | 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0 |
| SHA512 | 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\_socket.pyd
| MD5 | 4827652de133c83fa1cae839b361856c |
| SHA1 | 182f9a04bdc42766cfd5fb352f2cb22e5c26665e |
| SHA256 | 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba |
| SHA512 | 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\_queue.pyd
| MD5 | dd146e2fa08302496b15118bf47703cf |
| SHA1 | d06813e2fcb30cbb00bb3893f30c2661686cf4b7 |
| SHA256 | 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051 |
| SHA512 | 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\_hashlib.pyd
| MD5 | 5e5af52f42eaf007e3ac73fd2211f048 |
| SHA1 | 1a981e66ab5b03f4a74a6bac6227cd45df78010b |
| SHA256 | a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b |
| SHA512 | bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\unicodedata.pyd
| MD5 | 601aee84e12b87ca66826dfc7ca57231 |
| SHA1 | 3a7812433ca7d443d4494446a9ced24b6774ceca |
| SHA256 | d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762 |
| SHA512 | 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\top-1m.csv
| MD5 | 5d5d60688e91428167604a4c9ea6be5e |
| SHA1 | 48bdc8648d38f1e6ef73f7ea808d5d4740d3e034 |
| SHA256 | b7d74044d85e40e7a90fb3360b9e31ab78cc36b076062827d54ae6e42f6c9dcf |
| SHA512 | 49662fa9b0f4578d39ed29e8fd065e19ec89ce75f7d0c836524cd853e40cc0dbb2e31d77d0c67a69b19b1c2427188e652d6f68e31dc82fcd01ad82fd78ccbea2 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\select.pyd
| MD5 | e21cff76db11c1066fd96af86332b640 |
| SHA1 | e78ef7075c479b1d218132d89bf4bec13d54c06a |
| SHA256 | fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28 |
| SHA512 | e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\pyexpat.pyd
| MD5 | 2ae23047648257afa90d0ca96811979f |
| SHA1 | 0833cf7ccae477faa4656c74d593d0f59844cadd |
| SHA256 | 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95 |
| SHA512 | 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\nss3.dll
| MD5 | 71747091d34cc634b9ad3c360b45b0a9 |
| SHA1 | 111cf483836f6a392f64bc9398a327be1c43dfc8 |
| SHA256 | 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf |
| SHA512 | b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a |
\Users\Admin\AppData\Local\Temp\_MEI19082\libcrypto-1_1.dll
| MD5 | 89511df61678befa2f62f5025c8c8448 |
| SHA1 | df3961f833b4964f70fcf1c002d9fd7309f53ef8 |
| SHA256 | 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf |
| SHA512 | 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\mozglue.dll
| MD5 | 3e4d1ec1d2a6e85593459601b5a0a828 |
| SHA1 | 92ee422285282dcb170cbc7808299d14d8d27963 |
| SHA256 | eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5 |
| SHA512 | 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\mozavutil.dll
| MD5 | 4ecbb73d44518fc2b601a1ac9a38dcad |
| SHA1 | f7c96e85d5b32af8efb784e75164ec4f0c6f4f10 |
| SHA256 | 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52 |
| SHA512 | 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610 |
\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | abcb53f4a9baa3ef74664136297bf134 |
| SHA1 | d6a301e000d217406f6e47749de33aaa0d06e8a1 |
| SHA256 | 9872e83adafc20835cbd1e84e255252329675e22fe47b6c2e2c0196597128c23 |
| SHA512 | 3c016cbbcf76aedb129a119d257ce1ca86c3b60a6961b6e29c51421cb0124d8738dc30f4c182cc06cebddc22ef56af4d4bb0b8681656a75ee697bcf7014d4e6c |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
| MD5 | 26dd091069531a62061de8ca1c56d46b |
| SHA1 | 6c9daa73f096174f28f86c9bb245cb8a540f5c2d |
| SHA256 | 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a |
| SHA512 | 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
| MD5 | 2ec530a71bdac21f299f9ddb823be222 |
| SHA1 | 5425aaf19c0832cda06be506e88f2435f432d287 |
| SHA256 | ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3 |
| SHA512 | 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
| MD5 | d2e8aceaa00ad916618bea2eee81aedf |
| SHA1 | 28b26f0db0b4b2504a418983089795761c56e4a1 |
| SHA256 | fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622 |
| SHA512 | b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
| MD5 | e50a617598b0f635e6f9ae4a9d445b78 |
| SHA1 | a372ec393dd6271bd00cf02f894152887765da8b |
| SHA256 | c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5 |
| SHA512 | e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
| MD5 | 2eeb46e1c58ff1cce4ac2d4d725b2cc6 |
| SHA1 | 89aa36e77e51da31fbbfd682a2acc91f6016d275 |
| SHA256 | e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a |
| SHA512 | 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
| MD5 | 41c22c9f81a84b1b0e5ee7ec2ff7c545 |
| SHA1 | d12424cba9e4e9124bf3f15e556c562b95c9b6a3 |
| SHA256 | 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f |
| SHA512 | 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
| MD5 | 797325af481a14ae243f10d5f24b4a0d |
| SHA1 | 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1 |
| SHA256 | 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1 |
| SHA512 | ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
| MD5 | 7f2754df6a4a580b15910f449892766d |
| SHA1 | 9dcaad98563ed89781f53941cbc43db5454de7f5 |
| SHA256 | d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654 |
| SHA512 | 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ecb1dedf5ef99417494e424ca42eb67f |
| SHA1 | e2a293cbba50c6624e75cdaffe472967f3961023 |
| SHA256 | cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be |
| SHA512 | 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
| MD5 | 7abc816e004d9ed0f292770cfa8876cb |
| SHA1 | 4a1eeb702543f0819ef7c64b9f3bfd53be292106 |
| SHA256 | 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e |
| SHA512 | 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
| MD5 | d277f533f1d77e26d09bb66764bbeea6 |
| SHA1 | 082920ebe7dfb870cf94a99fc601fd5ae8b456ee |
| SHA256 | 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3 |
| SHA512 | 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
| MD5 | cbb1daad9fc48ab13e35fcd3621a5999 |
| SHA1 | 0eec8ece735465aea259f8223762f93fb13a97a0 |
| SHA256 | 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da |
| SHA512 | 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
| MD5 | 2c740091198dcf20b9c600791e2bcc3c |
| SHA1 | dd6f376ba9139ddec20ece64da0760054133db96 |
| SHA256 | e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59 |
| SHA512 | a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
| MD5 | 48fcad918c62db97e9af1dba1d131473 |
| SHA1 | d89381594d3241b0e645033f67572a5d8c166764 |
| SHA256 | dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c |
| SHA512 | 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
| MD5 | b6d7fc9b6ebc5f46500acc52bf6c9808 |
| SHA1 | 4fd8111c436d89b83890e98b4cb7d0343e568340 |
| SHA256 | 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974 |
| SHA512 | 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 8565a303ddc83b03f8662b034597de18 |
| SHA1 | ce6453779eb52055599ddba097a95ab82512ae5b |
| SHA256 | b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd |
| SHA512 | 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
| MD5 | e7a65c5ead519a7b802f991353c26d3d |
| SHA1 | 34cc3c1cf9bd4912dba5fa422010934e46419fa3 |
| SHA256 | 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2 |
| SHA512 | 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
| MD5 | 0351b833a5c095852e821535974441c8 |
| SHA1 | bcbf5c294852c2d80af7862d19791b994aea7706 |
| SHA256 | dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef |
| SHA512 | 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | e2e8f9cf938f81b1185086b12c5c9d90 |
| SHA1 | b67c857a7002b3262f09ffc9fa8524c58a01e5b9 |
| SHA256 | a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2 |
| SHA512 | 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Temp\tmpl2i6f6nh\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
| MD5 | 85de06e3d4c6f39404776f3c7162c59b |
| SHA1 | 3e4b8ecebaa9c903d220ee23d367be8e8ba27619 |
| SHA256 | 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a |
| SHA512 | 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | 9415904a5cb4e85834a092b458673028 |
| SHA1 | 914ef3b1757f041d6c55bef87416d38da5be9c62 |
| SHA256 | bcce2ffdf0e7fde5a6e1c3909cb1d1ec33042632df06c3674e7a765df58e3beb |
| SHA512 | 9a671c9fa44ec23069941f24fd737fbc37175c781138bf6b9560cd1e3dfb45b026ece4184bb5d3903eae37b914e8cd29a1b381bab8aa57da9deefff1141d5cc6 |
\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | 637b6b0921b9780acb739bd945809afc |
| SHA1 | 9c89a388664842caacedca3a62bbde82b24f9409 |
| SHA256 | fc2582520c3695c2c2a586b0ca2df0aa4111ae1c091f2548031679fc423fb867 |
| SHA512 | 6b041ef49e994c7441bdf9b8f79cec96c0e5624ddeec2f5ce13b9c2d40a8d4d8980592a7b33276767a37421ae3fa97dce3b425b1bd9a85dd7f42cf51f9f1a1c7 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | 3e5d1660e5396e470670d033b022322a |
| SHA1 | 855179cf681be02c876e481c71c8d34dfe89eb91 |
| SHA256 | 8cf3a30d85a5a5658789177eb5b1ce168d1596b97b2336c25a390e92ba1897ff |
| SHA512 | 046f58174ddf71c4e5f024cb1753c12786917d066222ba7a515f386b7c5b86ef86d3dfc64371ff3e5df869ebb35d76e34dcb8ecf3027e2f27cb0751c1a12d080 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI19082\geckodriver.exe
| MD5 | f60c542253cbe94f762e15c7b064b55d |
| SHA1 | 7a32f034217266db6d799893edc976e891a82944 |
| SHA256 | 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa |
| SHA512 | 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca |
\Users\Admin\AppData\Local\Temp\_MEI19082\_lzma.pyd
| MD5 | cf9fd17b1706f3044a8f74f6d398d5f1 |
| SHA1 | c5cd0debbde042445b9722a676ff36a0ac3959ad |
| SHA256 | 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4 |
| SHA512 | 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a |
\Users\Admin\AppData\Local\Temp\_MEI19082\_bz2.pyd
| MD5 | a49c5f406456b79254eb65d015b81088 |
| SHA1 | cfc2a2a89c63df52947af3610e4d9b8999399c91 |
| SHA256 | ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced |
| SHA512 | bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae |
\Users\Admin\AppData\Local\Temp\_MEI19082\_ctypes.pyd
| MD5 | 291a0a9b63bae00a4222a6df71a22023 |
| SHA1 | 7a6a2aad634ec30e8edb2d2d8d0895c708d84551 |
| SHA256 | 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324 |
| SHA512 | d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenTdZX4\extensions.json
| MD5 | 3fac76cb960d16eae18368f5b3dbb0e8 |
| SHA1 | 032d4bc7c9c5d1120c4e6b496f0f92b76544e7db |
| SHA256 | 9cb46287645399ee8ed5a0248cd8f8beecfe96f4e4e03c1b006f9c91373274d6 |
| SHA512 | 09f9b761b28943fa9928ad1d0b498a709d2a89a595c87b6b8f119245dd3a28cc47f96427b1fa9f6f899f0fef1a35c62065b693abb8158e1e89e06e4f49065395 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp
| MD5 | 6075c220956de0dfd09c8aac0e258585 |
| SHA1 | 1f1e19731eb9351acb2e17f10900b521bdf34ec3 |
| SHA256 | d15c020c5378b8e415d06eb9c13820ebdf2bc79059e76fe439c17670f74ce2c0 |
| SHA512 | d6d45d1d013dcde13e335070910a3716bca63a2b78bdc3078cc2704797fd2f46c9fd375dec3c74691d703a2e80e2c9495c6aedf5886f0c377ffa86ac9c9f4134 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenTdZX4\prefs-1.js
| MD5 | 273777634bc3dd94e891672df02177d0 |
| SHA1 | 92cea2a01655654776beb4876d8a7544fc7ab5c2 |
| SHA256 | 79b8c79f1a38f219f4982f3fefa833a4259550f482abe7790849ca632a2c1953 |
| SHA512 | a6af14f9cdd97b22df88a690a2829032e749a1748b3b7bc3d9cd5be11dec513d48f1203cbf49a99096099066e76322755ad2cf73e781dda9f7df6f17cc6ae10d |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenTdZX4\prefs-1.js
| MD5 | 823097d47377b91cc4971cfece291399 |
| SHA1 | 188f1851873befe2a8fd85b8e7f3965d16e2523a |
| SHA256 | 822253bb877ccd24567ce87f96b8ebb148a6d98b0826e5bbdb1d147c851c68f6 |
| SHA512 | 0e5b61318506281843f1847476e3f42ffc742a0caf2c61ee35b8e321bf567248588a84817aaafe57ecf47a9cdb626686fd03c63af20163d90bb05ee5e81b4a1a |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | fec26bb8b2208bd087d215044cb29f84 |
| SHA1 | df4af44d9a0e0092aef326f553e634171d6830aa |
| SHA256 | 8df0180b0e1a0dd4a969b74a5015c1a049647adc6887171178edc188d626ed77 |
| SHA512 | 6d45e902f42e739aacbe3f2ac82ecb2d353809ed8ec32f40389dce6a337dc99daf981009a52a51644377ae64dd20633dc1a7c11819b9a12f0a65bedef30aa02c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileChRu1f\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileChRu1f\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileChRu1f\prefs-1.js
| MD5 | 07ee5ed627e4e56e5654f075933da830 |
| SHA1 | 9f8560b0bcf86ea497928d1dc08de7080507d5c8 |
| SHA256 | 4f29c6b3f7e6951f329d647f2212a614d886f034c255c2f420274f6f4517feaa |
| SHA512 | 3ccabcc912473345d7dad084ca666739200b30957a2c8f5d7ae370ca2c0776bab3daed9498bf8d18b8eddf73c4832459979eb557453639cbcde90bed849bb5e5 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileChRu1f\extension-preferences.json
| MD5 | b4298c9a240d6b7b63346daf94013802 |
| SHA1 | 9ce98168437854b51b198c16186c05129f0c273b |
| SHA256 | e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5 |
| SHA512 | 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileChRu1f\startupCache\webext.sc.lz4
| MD5 | b0110f46fdfd70085587056e4a2cc8ea |
| SHA1 | ef16764c282f652393235c65d7103965f2cc41e1 |
| SHA256 | 0c402227260aeecb6b174b2646e7020c7f88d6070d9534eb07cf606c7d4a8644 |
| SHA512 | b9252c0cfdbb9a074a931921250a63e69202e7bd748dde659c5379b16bed24de6344c4b924afd1479ef9616da35040da32386ebf3a0a0991ba274af659f91c14 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileChRu1f\prefs-1.js
| MD5 | 72c6b583d3e0c3dcdd20eac257bd98cf |
| SHA1 | 2299bd4042dcb4ae2f64f0f4bf9e33121e6da4b7 |
| SHA256 | 74de96edca39b89b4b1270ac2f12f9783601d2a6e7fc80cd0062cfbe6bfbd6bf |
| SHA512 | b26525201ff11dc19c1e88f9670e032c3339595c9f51446f2865fa155cb1f4e36e21ca771871ec513510603bc15a9d602961ced6c4a5d79dde2f890ebdfc0068 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileChRu1f\broadcast-listeners.json
| MD5 | 97c3738563a9448365a735f5f29ed3d5 |
| SHA1 | 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57 |
| SHA256 | 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24 |
| SHA512 | ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileChRu1f\prefs-1.js
| MD5 | c174fe84804fb23d2d3f2096abb95810 |
| SHA1 | af5848fa5790eaec1edbdab732deed081f5f6cd9 |
| SHA256 | ed94045b4ff2faed958063e1b01c648edddf1394b099f94f7eb8800133e80bf7 |
| SHA512 | e13118703346ad2d48ba3113c960e157918c1c688d9a2b291a636133c1a10f20a9d7694ea9fa64b14f7097cf32ad047ed058225d65ca50dcfab6362f721815ea |
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-09 01:29
Reported
2024-05-09 01:42
Platform
win10v2004-20240508-en
Max time kernel
292s
Max time network
308s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\light.exe
"C:\Users\Admin\AppData\Local\Temp\light.exe"
C:\Users\Admin\AppData\Local\Temp\light.exe
"C:\Users\Admin\AppData\Local\Temp\light.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser/Browser/TorBrowser/Tor/tor.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI18802\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI18802\geckodriver.exe --port 62752 --websocket-port 62753
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 62753 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFW6bmi
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 62753 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFW6bmi
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4568.0.258469042\298110292" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {f3889bdd-d30b-4dda-a042-e0401eda1a91} 4568 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4568.1.349832640\1617792234" -childID 1 -isForBrowser -prefsHandle 2432 -prefMapHandle 2540 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {deb0276b-a677-4a10-a7a4-9abf9bb4102a} 4568 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4568.2.1859807005\1155702988" -childID 2 -isForBrowser -prefsHandle 3260 -prefMapHandle 3256 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {b6dadb9a-711a-407b-b3b1-f7d5a85755fe} 4568 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4568.3.1327606444\73332000" -childID 3 -isForBrowser -prefsHandle 3840 -prefMapHandle 3836 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {45295e86-9690-44d3-ba58-7f50c88da92f} 4568 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4568.4.1833856289\897371369" -childID 4 -isForBrowser -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {ba46941a-1f3d-4ff2-9a10-204ee0429c1e} 4568 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4568.5.471786815\1985535611" -childID 5 -isForBrowser -prefsHandle 4228 -prefMapHandle 4224 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {82d7a84a-6716-4f1e-bbcd-cd35265a1106} 4568 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4568.6.2097132842\1744497598" -childID 6 -isForBrowser -prefsHandle 4368 -prefMapHandle 4372 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {ede50d4c-fc1e-42b0-a50b-b193a8c2432d} 4568 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\geckodriver.exe
C:\Users\Admin\AppData\Local\Temp\_MEI18802\geckodriver.exe --port 62752 --websocket-port 62753
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 62753 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0ZmzAp
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 62753 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0ZmzAp
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1456.0.1866062818\1882147532" -parentBuildID 20240416150000 -prefsHandle 1652 -prefMapHandle 1644 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {516a12af-4dcb-452f-a919-3f4c67ab5583} 1456 gpu
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1456.1.783263502\599664738" -childID 1 -isForBrowser -prefsHandle 2628 -prefMapHandle 2432 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {66ed8a05-8279-4474-a8e8-a2df1cb1d230} 1456 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1456.2.2067348430\498136128" -childID 2 -isForBrowser -prefsHandle 3292 -prefMapHandle 3296 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {e4659387-7834-4323-9f2b-194063e01075} 1456 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1456.3.854724800\1570035867" -childID 3 -isForBrowser -prefsHandle 3276 -prefMapHandle 3356 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {98e825dd-9edd-4337-88eb-b371b36934ee} 1456 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1456.4.1691016714\81046644" -childID 4 -isForBrowser -prefsHandle 3868 -prefMapHandle 3864 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {7fe7df80-f7be-4334-a474-baf883565e1a} 1456 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1456.5.1599805347\715276297" -childID 5 -isForBrowser -prefsHandle 4088 -prefMapHandle 4092 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {c4453291-b8f1-42a9-8bec-8361210dec70} 1456 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1456.6.1620627991\1755878815" -childID 6 -isForBrowser -prefsHandle 4200 -prefMapHandle 4204 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {a6876eec-4d72-4a7b-b387-61f714523e89} 1456 tab
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1456.7.385026154\521127291" -childID 7 -isForBrowser -prefsHandle 1412 -prefMapHandle 3720 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\browser" - {d2051bf9-6a3a-4dab-ba0b-c6e0f671f95e} 1456 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:62855 | tcp | |
| N/A | 127.0.0.1:62857 | tcp | |
| DK | 185.129.61.5:443 | tcp | |
| TR | 5.252.74.238:443 | tcp | |
| N/A | 127.0.0.1:62752 | tcp | |
| DE | 144.91.125.239:9001 | tcp | |
| US | 8.8.8.8:53 | 239.125.91.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.74.252.5.in-addr.arpa | udp |
| N/A | 127.0.0.1:62752 | tcp | |
| N/A | 127.0.0.1:62952 | tcp | |
| N/A | 127.0.0.1:62960 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 68.97.244.129:9050 | tcp | |
| CA | 158.51.121.164:443 | tcp | |
| DE | 193.41.226.147:9000 | tcp | |
| US | 8.8.8.8:53 | 129.244.97.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.121.51.158.in-addr.arpa | udp |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | 147.226.41.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:62752 | tcp | |
| N/A | 127.0.0.1:62752 | tcp | |
| N/A | 127.0.0.1:62752 | tcp | |
| N/A | 127.0.0.1:63295 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:63303 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 8.8.8.8:53 | 193.98.74.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:9151 | tcp | |
| US | 162.251.116.18:443 | tcp | |
| US | 8.8.8.8:53 | 18.116.251.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI18802\python38.dll
| MD5 | 26ba25d468a778d37f1a24f4514d9814 |
| SHA1 | b64fe169690557656ede3ae50d3c5a197fea6013 |
| SHA256 | 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128 |
| SHA512 | 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\VCRUNTIME140.dll
| MD5 | 4a365ffdbde27954e768358f4a4ce82e |
| SHA1 | a1b31102eee1d2a4ed1290da2038b7b9f6a104a3 |
| SHA256 | 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c |
| SHA512 | 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\base_library.zip
| MD5 | 09f7062e078379845347034c2a63943e |
| SHA1 | 9683dd8ef7d72101674850f3db0e05c14039d5fd |
| SHA256 | 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629 |
| SHA512 | a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\_ctypes.pyd
| MD5 | 291a0a9b63bae00a4222a6df71a22023 |
| SHA1 | 7a6a2aad634ec30e8edb2d2d8d0895c708d84551 |
| SHA256 | 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324 |
| SHA512 | d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\_bz2.pyd
| MD5 | a49c5f406456b79254eb65d015b81088 |
| SHA1 | cfc2a2a89c63df52947af3610e4d9b8999399c91 |
| SHA256 | ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced |
| SHA512 | bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\_lzma.pyd
| MD5 | cf9fd17b1706f3044a8f74f6d398d5f1 |
| SHA1 | c5cd0debbde042445b9722a676ff36a0ac3959ad |
| SHA256 | 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4 |
| SHA512 | 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\_ssl.pyd
| MD5 | d4dfd8c2894670e9f8d6302c09997300 |
| SHA1 | c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e |
| SHA256 | 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0 |
| SHA512 | 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\_socket.pyd
| MD5 | 4827652de133c83fa1cae839b361856c |
| SHA1 | 182f9a04bdc42766cfd5fb352f2cb22e5c26665e |
| SHA256 | 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba |
| SHA512 | 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\_queue.pyd
| MD5 | dd146e2fa08302496b15118bf47703cf |
| SHA1 | d06813e2fcb30cbb00bb3893f30c2661686cf4b7 |
| SHA256 | 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051 |
| SHA512 | 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\_hashlib.pyd
| MD5 | 5e5af52f42eaf007e3ac73fd2211f048 |
| SHA1 | 1a981e66ab5b03f4a74a6bac6227cd45df78010b |
| SHA256 | a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b |
| SHA512 | bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\unicodedata.pyd
| MD5 | 601aee84e12b87ca66826dfc7ca57231 |
| SHA1 | 3a7812433ca7d443d4494446a9ced24b6774ceca |
| SHA256 | d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762 |
| SHA512 | 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\top-1m.csv
| MD5 | ba0857be5e9736dde1f5cc44edd5d21b |
| SHA1 | b130759907909cc97bfe0d9a1fd65b8942c931aa |
| SHA256 | 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca |
| SHA512 | 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\select.pyd
| MD5 | e21cff76db11c1066fd96af86332b640 |
| SHA1 | e78ef7075c479b1d218132d89bf4bec13d54c06a |
| SHA256 | fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28 |
| SHA512 | e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\pyexpat.pyd
| MD5 | 2ae23047648257afa90d0ca96811979f |
| SHA1 | 0833cf7ccae477faa4656c74d593d0f59844cadd |
| SHA256 | 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95 |
| SHA512 | 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\nss3.dll
| MD5 | 71747091d34cc634b9ad3c360b45b0a9 |
| SHA1 | 111cf483836f6a392f64bc9398a327be1c43dfc8 |
| SHA256 | 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf |
| SHA512 | b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\mozglue.dll
| MD5 | 3e4d1ec1d2a6e85593459601b5a0a828 |
| SHA1 | 92ee422285282dcb170cbc7808299d14d8d27963 |
| SHA256 | eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5 |
| SHA512 | 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\mozavutil.dll
| MD5 | 4ecbb73d44518fc2b601a1ac9a38dcad |
| SHA1 | f7c96e85d5b32af8efb784e75164ec4f0c6f4f10 |
| SHA256 | 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52 |
| SHA512 | 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\libcrypto-1_1.dll
| MD5 | 89511df61678befa2f62f5025c8c8448 |
| SHA1 | df3961f833b4964f70fcf1c002d9fd7309f53ef8 |
| SHA256 | 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf |
| SHA512 | 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\lgpllibs.dll
| MD5 | 726abf1280adf3129481b94b2bc644c4 |
| SHA1 | 404f69e71296f2d199535e8a6d9fb56707fcbc5f |
| SHA256 | 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a |
| SHA512 | 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\geckodriver.exe
| MD5 | f60c542253cbe94f762e15c7b064b55d |
| SHA1 | 7a32f034217266db6d799893edc976e891a82944 |
| SHA256 | 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa |
| SHA512 | 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
| MD5 | 8565a303ddc83b03f8662b034597de18 |
| SHA1 | ce6453779eb52055599ddba097a95ab82512ae5b |
| SHA256 | b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd |
| SHA512 | 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json
| MD5 | 48fcad918c62db97e9af1dba1d131473 |
| SHA1 | d89381594d3241b0e645033f67572a5d8c166764 |
| SHA256 | dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c |
| SHA512 | 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Tor\tor.exe
| MD5 | 47539d0337e97e22a728afc2638d461f |
| SHA1 | d97b37079543b33b9b605c787945f809aed66fd6 |
| SHA256 | 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5 |
| SHA512 | 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
| MD5 | 41c22c9f81a84b1b0e5ee7ec2ff7c545 |
| SHA1 | d12424cba9e4e9124bf3f15e556c562b95c9b6a3 |
| SHA256 | 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f |
| SHA512 | 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
| MD5 | 797325af481a14ae243f10d5f24b4a0d |
| SHA1 | 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1 |
| SHA256 | 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1 |
| SHA512 | ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite
| MD5 | 7f2754df6a4a580b15910f449892766d |
| SHA1 | 9dcaad98563ed89781f53941cbc43db5454de7f5 |
| SHA256 | d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654 |
| SHA512 | 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ecb1dedf5ef99417494e424ca42eb67f |
| SHA1 | e2a293cbba50c6624e75cdaffe472967f3961023 |
| SHA256 | cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be |
| SHA512 | 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2
| MD5 | 7abc816e004d9ed0f292770cfa8876cb |
| SHA1 | 4a1eeb702543f0819ef7c64b9f3bfd53be292106 |
| SHA256 | 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e |
| SHA512 | 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite
| MD5 | d277f533f1d77e26d09bb66764bbeea6 |
| SHA1 | 082920ebe7dfb870cf94a99fc601fd5ae8b456ee |
| SHA256 | 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3 |
| SHA512 | 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
| MD5 | cbb1daad9fc48ab13e35fcd3621a5999 |
| SHA1 | 0eec8ece735465aea259f8223762f93fb13a97a0 |
| SHA256 | 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da |
| SHA512 | 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2
| MD5 | 2c740091198dcf20b9c600791e2bcc3c |
| SHA1 | dd6f376ba9139ddec20ece64da0760054133db96 |
| SHA256 | e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59 |
| SHA512 | a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
| MD5 | b6d7fc9b6ebc5f46500acc52bf6c9808 |
| SHA1 | 4fd8111c436d89b83890e98b4cb7d0343e568340 |
| SHA256 | 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974 |
| SHA512 | 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
| MD5 | 2eeb46e1c58ff1cce4ac2d4d725b2cc6 |
| SHA1 | 89aa36e77e51da31fbbfd682a2acc91f6016d275 |
| SHA256 | e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a |
| SHA512 | 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json
| MD5 | e7a65c5ead519a7b802f991353c26d3d |
| SHA1 | 34cc3c1cf9bd4912dba5fa422010934e46419fa3 |
| SHA256 | 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2 |
| SHA512 | 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite
| MD5 | 0351b833a5c095852e821535974441c8 |
| SHA1 | bcbf5c294852c2d80af7862d19791b994aea7706 |
| SHA256 | dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef |
| SHA512 | 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
| MD5 | e2e8f9cf938f81b1185086b12c5c9d90 |
| SHA1 | b67c857a7002b3262f09ffc9fa8524c58a01e5b9 |
| SHA256 | a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2 |
| SHA512 | 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f |
C:\Users\Admin\AppData\Local\Temp\tmpn909_z99\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
| MD5 | a3fb2788945937b22e92eeeb30fb4f15 |
| SHA1 | 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa |
| SHA256 | 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd |
| SHA512 | 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json
| MD5 | d2e8aceaa00ad916618bea2eee81aedf |
| SHA1 | 28b26f0db0b4b2504a418983089795761c56e4a1 |
| SHA256 | fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622 |
| SHA512 | b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
| MD5 | 2ec530a71bdac21f299f9ddb823be222 |
| SHA1 | 5425aaf19c0832cda06be506e88f2435f432d287 |
| SHA256 | ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3 |
| SHA512 | 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
| MD5 | 26dd091069531a62061de8ca1c56d46b |
| SHA1 | 6c9daa73f096174f28f86c9bb245cb8a540f5c2d |
| SHA256 | 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a |
| SHA512 | 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
| MD5 | e50a617598b0f635e6f9ae4a9d445b78 |
| SHA1 | a372ec393dd6271bd00cf02f894152887765da8b |
| SHA256 | c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5 |
| SHA512 | e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4
| MD5 | 85de06e3d4c6f39404776f3c7162c59b |
| SHA1 | 3e4b8ecebaa9c903d220ee23d367be8e8ba27619 |
| SHA256 | 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a |
| SHA512 | 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963 |
C:\Users\Admin\AppData\Local\Temp\_MEI18802\Tor Browser\Browser\firefox.exe
| MD5 | 65aa9b0f57d72e4d70e9226322221adc |
| SHA1 | 85fec174d0977afd8c0100c9d9b53c958e1949bf |
| SHA256 | 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410 |
| SHA512 | f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85 |
memory/2772-483-0x00007FF865DC0000-0x00007FF865DC1000-memory.dmp
memory/2772-482-0x00007FF867BB0000-0x00007FF867BB1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFW6bmi\extensions.json
| MD5 | e0b71ab6a7ad418b9b2a717dec49dfda |
| SHA1 | 6b6281ddc0f8a9535442bdf8fe54e19bacaf4f5a |
| SHA256 | 743d96b022810f399459bde454a7f7f310fe2cd63b3e8929e617f9758a5eafcf |
| SHA512 | b195368d493e6d6e683bd999b787978c8002f06402913ed28cfd5724a905c5b0ae306e309920ab41e5c03e2500e1cb23b94fe37ff1053ce2237d2d10af2e8ddc |
memory/4568-553-0x000001A87B570000-0x000001A87B580000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFW6bmi\prefs-1.js
| MD5 | 99c10a6100f798744877fa9ed3ddd599 |
| SHA1 | 8942f8d6a0108d58e893820f3ac77e1901d43377 |
| SHA256 | ab83793f277df6acea536d70aee62d1d67780aae5a0b3a295e0ae68abd542157 |
| SHA512 | 8126cce644dcc6a4c0c25bf35e87295da958cf0d1a9a16cf82fae115b6027444834c9dd807b55f9071b97c04676b3839d773c45e95d80e2149982358277f9a6b |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFW6bmi\prefs-1.js
| MD5 | b691514baf588ce01a11b43c33a9b582 |
| SHA1 | 218da8a21f2e820df6bdf7efc664097cc6a3bb70 |
| SHA256 | c8f4881851077aeb6f2baf4bbb727b587fc9dd110ae95dee2e22b42001596a47 |
| SHA512 | d9de4f5ee6a1d75be95ec8b43578d5bd189793d7dff59acce92c8a3acbddeeda2080086835bb8ce5f1722b8fca6a182fffda4597c9dce895c2f8294a1250e909 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp
| MD5 | 80e882ce8268212cf4db9fbe44f95336 |
| SHA1 | 85abc152168a20d8db2c6501aa43a97ea72efc8c |
| SHA256 | 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937 |
| SHA512 | eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | d7f8c27798f201aa0b3e6d812ad5f438 |
| SHA1 | dfb481b80477052d8ee0212525e07a68677096e3 |
| SHA256 | b9d699091f0f6ef4a00e047a504511f985a14f3836283dec01c5d015ca0f9bfe |
| SHA512 | 1508d97c2912e42147b779ad62a509bda9ce09af026db02420ddf50433a38294f59f36c624bbcf5e1e8069534b06c36bed1304f2e4d139175bc9140bc2ebfc59 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFW6bmi\prefs-1.js
| MD5 | 93d390d8b40796d921ba84f4e5b8ba0a |
| SHA1 | 8b5ad85405574b01811dff6af568c20a8f609d04 |
| SHA256 | a2be207f54ac313f77828ad10da96731bffadbf73e606881ccb3569cb45aad84 |
| SHA512 | 9c88481e35a631f22fb56ce9c6cbb2df318dde71502776d42a42981dd9634ce6bf4f90e670ac43b9cb7429fe95760fae5a5373182b56804fd19196180e1558ab |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0ZmzAp\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0ZmzAp\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
memory/1456-858-0x000002CE005D0000-0x000002CE005E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0ZmzAp\prefs.js
| MD5 | 7a293a4e2fad0684d0e8c35fcda28dbe |
| SHA1 | 6139a974805dfaf3d8fc2c2fb0d57e62571633ab |
| SHA256 | b26728e3ea066bd73b451a19c061ef3cf6c99747618437b204656cf7d4d9f283 |
| SHA512 | 890e9c378e402535d632b79452fc6a43e8925fc0754d714a1c7fe94d8383bfb82b4ec4ea6b2409583d1a0a9aa8314e6cea3e037d0ffcb0664bf1057ef7d1d094 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0ZmzAp\extension-preferences.json
| MD5 | b4298c9a240d6b7b63346daf94013802 |
| SHA1 | 9ce98168437854b51b198c16186c05129f0c273b |
| SHA256 | e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5 |
| SHA512 | 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0ZmzAp\startupCache\webext.sc.lz4
| MD5 | 557bc49ecd32cfc52669bfaa9a054026 |
| SHA1 | b8132494af5e9fe914620bee63fafe3974b7882a |
| SHA256 | 1ec54c32e134cfd83ccfd46ab60ad7d0275363e1d592e3c382fe3df9e3346db6 |
| SHA512 | 3fe9e49516e1bce6c43a8787378d22f90587c6a7e7b590b155c5a4020a8ae07ca2358162533c1ea2254ba33242c63223712180576d66a9ed1e4174de9c864a85 |
memory/1456-898-0x000002CDF6050000-0x000002CDF61C0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0ZmzAp\prefs.js
| MD5 | a00d7ca63fdd62fb0583127c6167fefd |
| SHA1 | dbf0c443cc99cda56fb50e4502c656671d360c65 |
| SHA256 | b7385ee928d9631d6f4c5d91e864611dd5f3a902525a2367eae69ab2febe80cb |
| SHA512 | 95c7c67c37bd1ad503c52fafc3d1590a801225ba02ab1f9607f97ba8051de4357b65e8f07ddbcceb692bff5e68a70c314c20e51dee099309da5179ac44a9dcac |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0ZmzAp\broadcast-listeners.json
| MD5 | 97c3738563a9448365a735f5f29ed3d5 |
| SHA1 | 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57 |
| SHA256 | 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24 |
| SHA512 | ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6 |
C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0ZmzAp\prefs-1.js
| MD5 | 27874ae9c095c3a783783ff8b138c5eb |
| SHA1 | 5b9714fed50885837f09fa60e1f02b81361b3692 |
| SHA256 | 5e6eb04735cf5f25eca39b9440bf44745e9774a18672339e3e90a381cbc72c84 |
| SHA512 | 1c53e94f153b9ceee4892dbcbfd32071d1d9699bb537d2d26bfcbb201d58e24fae309322dc2169f3d88bf6ae5e391b9df9ea79e4c1d82d39f8935829df73cd10 |